Keywords › ACID Keyword—Authorize ACIDs

ACID Keyword—Authorize ACIDs

Valid on z/OS, z/VSE, and z/VM.

Use the ACID keyword to:

• Give administrators the authority to specify the authority levels at which they can manage ACIDs within their scope
• Cross authorize an ACID to submit jobs under another ACID

This keyword has the following format:

TSS ADMIN(acid) ACID(authority level(s))

TSS PERMIT(acid) ACID(acid)

This keyword can be used with:

• The commands CREATE, DELETE, ADDTO (STC only), PERMIT, REVOKE, RENAME, WHOHAS, and LIST
• The ACID types User, Profile, DCA, VCA, ZCA, LSCA, SCA, MSCA, and ALL

Authority Levels for the ACID Keyword

The CA Top Secret administrator can specify the authority levels:

ALL

Grants all of the ACID type authorities.

AUDIT

Allows an administrator to attach the AUDIT attribute to ACIDs within his scope. This authority level is required to report on the AUDIT attribute. An administrator without ACID(AUDIT) may not run TSSAUDIT and is not able to see the AUDIT attribute through TSS LIST.

CREATE

Gives an administrator the authority to CREATE and DELETE ACIDs.

DEFNODES

The ability to ADD, REMOVE, and REPLACE DEFNODES on an ACID record.

INFO

Allows administrators to use the WHOHAS function to determine who has access to specific ACIDs used for job submissions.

REPORT

Grants the administrator the authority to use the TSSUTIL and TSSCHART utilities to prepare customized reports showing the security activity for ACIDs within his scope.

MAINTAIN

Allows administrators to perform TSS command functions for ACIDs within their scope, including:

• RENAME—Renames an ACID.
• MOVE—Moves an ACID from one department or division to another. MOVE will work only if both the source organization and the destination are within the administrator's scope. MOVE authority is not valid if assigned to users or DCAs.
• REPLACE—Does one of the following:
  • Replaces the NAME of an ACID
  • Replaces the ACID's password information
  • Replaces the expiration date for an ACID via the FOR keyword
  • Replaces the CICS OPIDENT, OPPRTY, OPCLASS, PHYSKEY, and/or SITRAN values for an ACID
• ADDTO—Does one of the following:
  • Adds the SOURCE from which an ACID may initiate
  • Adds CICS OIDCARD and PHYSKEY values
  • Adds the profiles to which an ACID is connected

• Adds the TSOMPW attribute that supports multiple passwords, on a user‑by‑user basis, in UADS

XAUTH

Gives the authority to PERMIT or REVOKE ACIDs used for job submissions.

Examples: ACID keyword

This example gives the Payroll Department's auditor the authority to generate TSSUTIL reports regarding ACID activity, and the authority to see who has access to the department's job submission ACIDs, via the WHOHAS function:

TSS ADMIN(PAYAUD) ACID(REPORT,INFO)

This example gives the Payroll Department's auditor the authority to prepare customized reports showing security activity:

TSS ADMIN(PAYAUD) RESOURCE(REPORT)

This example gives a DCA the authority to create, delete, and maintain the department's ACIDs, and to permit users in the department to use job submission ACIDs to submit jobs:

TSS ADMIN(TECHDCA) ACID(CREATE,MAINTAIN,XAUTH)

This example removes TECHDCA's authority for ACIDs:

TSS DEADMIN(TECHDCA) ACID(CREATE,MAINTAIN,XAUTH)

This example allows user WYLMI01 to submit a job under SMITH01:

TSS PERMIT(WYLMI01) ACID(SMITH01)