Top Secret

  • 1.  Help with output analysis for TSS LIST(ACIDS) DATA(ALL)

    Posted Sep 28, 2016 10:07 AM

    Hello all,

    I need help with analyzing the output for the TSS LIST(ACIDS) DATA(ALL) command in Top Secret. I am new to this, so I apologize in advance if this is too simple of a question.

     

    Here's what I have in my mind. In the case below, for MSCA, there's no question that it has FACILITY = *ALL* access (seen right underneath the TYPE option) - which means it truly has access to all facilities.

     

    ACCESSORID = MSCA NAME = MASTER SECURITY
    TYPE = MASTER SIZE = 14336 BYTES
    FACILITY = *ALL*
    CREATED = 06*** 00:00 LAST MOD = 07/xxxx 13:26
    PROFILES = CxxxR
    GROUPS = OxxxxV
    ATTRIBUTES = AUDIT,CONSOLE
    LAST USED = 05/xxxx 08:35 CPU(MVS1) FAC(TPX ) COUNT(01195)

     

    When analyzing the rest of the ACIDs, I noticed the FACILITY = *ALL* parameter for several other ACIDs, but this time, it's next to the LOCK TIME option. Also, the ACID has other facilities explicitly defined under the TYPE option:

     

    ACCESSORID = CxxxxxxP NAME = ANY PROFILE
    TYPE = PROFILE SIZE = 512 BYTES
    FACILITY = TSO
    FACILITY = CISCIS
    FACILITY = SAMDNY
    DEPT ACID = D0022 DEPARTMENT = DEPT
    CREATED = 12/xxxxx 00:00 LAST MOD = 02/xxxx 09:06
    LOCK TIME = NEVER FACILITY = *ALL*


    So, the question is - what does FACILITY = *ALL* (next to LOCK TIME) mean in the case above? Does it mean that it has access to all facilities, bypassing the 3 facilities that are explicitly defined above? Or something else? Such as, the lock time applies to all facilities, which then gets further controlled by the facilities defined on top?

    Thank you in advance for your help.



  • 2.  Re: Help with output analysis for TSS LIST(ACIDS) DATA(ALL)
    Best Answer

    Posted Sep 28, 2016 10:42 AM

    Hi,

     

    What you are seeing LOCK TIME = NEVER FACILITY = *ALL* is there because an admin has entered the following command:

     

    tss add(acid#) ltime(000) fac(all)

     

    Use the LTIME keyword to specify how long (in minutes) until a user's terminal locks if CA Top Secret does not detect activity at that user's terminal.

     

    Coding ltime(000) means DO NOT lock.

    fac(xxxx) specifies the facility which the lock time is set for.

    fac(all) means for ALL facility.

     

    Let me know whether it answer to your question.

     

    Sincerely, Jacques.



  • 3.  Re: Help with output analysis for TSS LIST(ACIDS) DATA(ALL)

    Broadcom Employee
    Posted Sep 28, 2016 10:49 AM

    You'll find documentation about LTIME here.

    -Kris