There are two important points you need to keep in mind regarding the exchange of security information between CA Top Secret and the SFS server machine.
The first time a user attempts to access an SFS resource, the SFS Server machine invokes CA Top Secret and builds an internal table to maintain the security information it receives. For any subsequent access attempts, the SFS server will consult the internal table rather than CA Top Secret unless CMS is (re)IPLed.
When the SFS server is brought up, CA Top Secret will tell the server what DOWN options are in effect. If those DOWN options subsequently change, CA Top Secret will NOT inform the server unless the SFS machine is brought down and then restarted.
All filepool users and administrators will need the following CA Top Secret authorization:
