Top Secret

Hello Top Secret Community,

Is there a possibility to enforce a comment for the TSS-Command?

Background: about comment from Command functions guide:

■ Comments are maintained on the command when logged to the Recovery File. This tool may be useful for documenting the reason the administration was performed.

I'd like to exploit the comment-opportunity to "tie" my executed admin commands to the originating workflow- or incident-id - for auditing reasons. And I would like to enforce the specification of a comment in a command, so that I cannot forget it,

Is there an option in TSS to achieve this out-of-the-box? Would this be a valuable enhancement idea for others?

Many thanks in advance....

Josef

I would suggest that an operand be provided on a command where a change identifier can be entered.

This change identifier should be applicable to any command where that updates the security file or that updates the configuration (TSS MODIFY).

This change identifier should not be applicable to a TSS LIST, TSS WHOHAS, or TSS WHOOWNS command.

An exit point should be provided in the TSS installation exit where the change identifier can be validated.

The change identifier should be recorded in the TSS recovery file and in the CA Compliance Manager z/OS logstream.

John P. Baker

HI Jose,

I understand what you are looking for.  In 2014 working in a SOX world, every command really needs a comment to know why it was issued.

I am not sure if this helps, but there is an add-on product for Top Secret called TSS Admin Express.  When using this product to issue commands, it has the ability to prompt you that you have not issued a comment for the command.  The downside is that you can bypass admin express and issue the command nativley, but the functionality is there.

I recommend this product a lot.

TSSadmin Express - What's in your Mainframe?

Kevin

John, Kevin,

many thanks to both of you for your idea's and feedback ...

Josef