RACF Compatibility Mode

The RACF Compatibility Mode feature of CA Top Secret is provided as a migration aid for converting from any RACF compatible security product to CA Top Secret. When running in RACF Compatibility Mode, CA Top Secret provides administrative command support for the creation of the CA Top Secret Security File only, while the RACF compatible security product continues to provide resource protection for the VM system. Once the Security File has been created, the migration to CA Top Secret can be completed by regenerating your CP nucleus to replace the RACF compatible security product’s CP modules with the equivalent CA Top Secret modules.

Security administration may be performed by entering TSS commands, either from CMS or by submitting TSSCRIPT jobs to the CA Top Secret server virtual machine. However, administrators that will be entering TSS commands from CMS must first establish a communications link with the CA Top Secret server virtual machine, since CA Top Secret has not been generated into the CP nucleus. To do this, the administrator’s userid must be authorized to establish an IUCV connection with the CA Top Secret server virtual machine userid, using the CP directory IUCV statement. Once the administrator’s userid has IUCV authorization, the communications link is established and the TSS command is defined as a nucleus extension by entering the TSSRCMD command.

Shown below is a sample terminal sesssion highlighting this process:

--> TSSRCMD
    Ready;
--> TSS LIST(ALL) DATA(XAUTH)
    TSS9909I IUCV connection accepted by Top Secret
    TSS0130I ADMIN1 Last-used 05 NOV 92 15:14 System=SYSA Facility=VM
    TSS0131I Count=00017 Mode=Warn Name=ADMINISTRATOR
    ACCESSORID = *ALL*     NAME          = GLOBAL-RESOURCES
    XA MINIDISK= MAINT.0190
       ACCESS  = READ
    XA MINIDISK= MAINT.019E
       ACCESS  = READ

    TSS0300I  LIST       FUNCTION SUCCESSFUL

    Ready;
--> TSS PERMIT(ALL) VMMDISK(SYSADMIN.0399) ACCESS(READ)

    TSS0300I  PERMIT     FUNCTION SUCCESSFUL

    Ready;
--> TSS LIST(ALL) DATA(XAUTH)
    ACCESSORID = *ALL*     NAME          = GLOBAL-RESOURCES
    XA MINIDISK=MAINT.0190                                 OWNER(MASTER)
       ACCESS  =READ
    XA MINIDISK=MAINT.019E                                 OWNER(MASTER)
       ACCESS  =READ
    XA MINIDISK=SYSADMIN.0399                              OWNER(MASTER)
       ACCESS  =READ

    TSS0300I  LIST       FUNCTION SUCCESSFUL

    Ready;

Note the following:

• The TSSRCMD command needs to be executed only once during each IPLof the CMS environment.
• When running in RACF Compatibility Mode, the TSS command exists, after execution of the TSSRCMD command, in the CMS environment only. In other words, the CP TSS command does not exist.