I need help with analyzing the output for the TSS LIST(ACIDS) DATA(ALL) command in Top Secret. I am new to this, so I apologize in advance if this is too simple of a question.
Here's what I have in my mind. In the case below, for MSCA, there's no question that it has FACILITY = *ALL* access (seen right underneath the TYPE option) - which means it truly has access to all facilities.
ACCESSORID = MSCA NAME = MASTER SECURITYTYPE = MASTER SIZE = 14336 BYTESFACILITY = *ALL*CREATED = 06*** 00:00 LAST MOD = 07/xxxx 13:26PROFILES = CxxxRGROUPS = OxxxxVATTRIBUTES = AUDIT,CONSOLELAST USED = 05/xxxx 08:35 CPU(MVS1) FAC(TPX ) COUNT(01195)
When analyzing the rest of the ACIDs, I noticed the FACILITY = *ALL* parameter for several other ACIDs, but this time, it's next to the LOCK TIME option. Also, the ACID has other facilities explicitly defined under the TYPE option:
ACCESSORID = CxxxxxxP NAME = ANY PROFILETYPE = PROFILE SIZE = 512 BYTESFACILITY = TSOFACILITY = CISCISFACILITY = SAMDNYDEPT ACID = D0022 DEPARTMENT = DEPTCREATED = 12/xxxxx 00:00 LAST MOD = 02/xxxx 09:06LOCK TIME = NEVER FACILITY = *ALL*
So, the question is - what does FACILITY = *ALL* (next to LOCK TIME) mean in the case above? Does it mean that it has access to all facilities, bypassing the 3 facilities that are explicitly defined above? Or something else? Such as, the lock time applies to all facilities, which then gets further controlled by the facilities defined on top?
Thank you in advance for your help.
What you are seeing LOCK TIME = NEVER FACILITY = *ALL* is there because an admin has entered the following command:
tss add(acid#) ltime(000) fac(all)
Use the LTIME keyword to specify how long (in minutes) until a user's terminal locks if CA Top Secret does not detect activity at that user's terminal.
Coding ltime(000) means DO NOT lock.
fac(xxxx) specifies the facility which the lock time is set for.
fac(all) means for ALL facility.
Let me know whether it answer to your question.
You'll find documentation about LTIME here.