Hi Vince,
I assume, that every resname in resclass CSFSERV begins with ‚CSF'.
After you have established ownership, you could
PERMIT(ALL) CSFSERV(CSF) ACC(ALL) ACTION(AUDIT)
This grants every CSF access to everybody and every reference cuts and audit record.
Then you can analyze the audit records and do specific PERMITs to specific TSS-PROFILEs or USERs., which reduces the number of audit records tricgered by the generic permit to the all record. (i.g. because of the „better match")
After a certain period of time and when no more audit records are written, you could
REVOKE(ALL) CSFSERV(CSF) to enforce the specific permissions.
Hope, that works for you. (Top Secret's behaviour could be influenced by some Startup-options or other factors)
Kind regards,
Josef
Original Message:
Sent: 01-14-2020 02:12 PM
From: Elliott
Subject: Top Secret CSFSERV profiles
I'm primarily a RACF admin. I am defining resources to CSFSERV in RDT. Is there a TSS equivalent to RACF so I can define a CSFSERV profile in WARN mode which allows access but reports it so the permission can be granted as encountered?