CA Top Secret Security for z/os CA RS 1403 Service List

Transcription

1 CA Top Secret Security for z/os CA RS 1403 Service List Description Hiper 15.0 RO56578 S378 ABENDS ON CPF COMMANDS WITH ARCHIVE KEYWORD RO58844 UPDATE CIA REAL-TIME TO RE-SYNC WITH COMMON CODE RO60107 CIA DATACOM INSTALL JCL IMPROVEMENTS RO61554 S878 ISSUING CIARTUPD,STATUS COMMANDS RO61990 CICS NON QR TCB BYPASSING SECURITY CHECKS RO62598 IMS: ADD SUPPORT FOR IMS 13.1 RO62599 IMS: ADD SUPPORT FOR IMS 13.1 RO62765 ABEND 0C4 WITH CIA, GARBAGE HI-ORDER WORD 64-BIT ADDRESSES RO62836 CICS QUERY SECURITY WITH "+A" SUPPORT RO63094 ABEND S0C4 IN TSSKECA+30EC WITH FLOATING MASK '-' RO63236 TSSXTEND JCL DEFAULTS SUPPLIED WITH VSAM FILES COMMENTED OUT RO64045 PASSWORD CHANGE IN CLEAR TEXT SENT TO CMGR RO64145 CIA0821E CIA/RT SQL ERROR - SQLCODE= RO64540 SP-252 KEY-0 DEADMAIN STORAGE SAFKDATA RO64641 NEW RDT ENTRY DB2VAR FOR DB2 11 RO64820 TSS LIST ARCHIVE CONTAINS ACEDEFAU RO64829 LIST/ARCHIVE COMMAND OF SCTYKEY(*ALL*) ERROR RO64897 CICS TIGHTEN STORAGE MANAGEMENT FOR THREADSAFE RO64997 TSS ADD(USER) GID(?) GETS DUPLICATE ENTRY IN SAF TABLE RO65119 IDMS 18.5 APPLICATION GETS RC=16 W/ TSSMAI RO65209 LIST NDT SESSKEY W/OUT ADMIN DATA(SESSKEY) RO65237 SPECIFYING LABLPKDS INVALID DURING RENEWAL OF CERTIFICATE RO65643 PRIVATE KEY NOT REMOVED FROM ICSF WHEN FORCE SPECIFIED RO65763 SA03 ABEND AT TSS SHUTDOWN RO65913 ENHANCE CLIST TSSBRWZ IN SPLIT SCREEN ENV RO67514 GETUMAP RETURN '*MSCA*' EVEN IF ACEE HAS UID=0 **HIPER** RO67810 AUTOUID/UNIQUSER NOT WORKING IF TCBSENV POPULATED **HIPER** The CA RS 1403 service count for this release is 27

2 CA Top Secret Security for z/os CA RS 1403 Service List Description Hiper 14.0 NO-SRVC CA RS 1403 Contains No Service For This Release of This Product. The CA RS 1403 service count for this release is 0

3 CA Top Secret Security for z/os 3 CA RS 1403 Service List for CAKOF00 FMID Service Description Hiper CAKOF00 RO56578 S378 ABENDS ON CPF COMMANDS WITH ARCHIVE KEYWORD RO58844 UPDATE CIA REAL-TIME TO RE-SYNC WITH COMMON CODE RO60107 CIA DATACOM INSTALL JCL IMPROVEMENTS RO61554 S878 ISSUING CIARTUPD,STATUS COMMANDS RO62598 IMS: ADD SUPPORT FOR IMS 13.1 RO62765 ABEND 0C4 WITH CIA, GARBAGE HI-ORDER WORD 64-BIT ADDRESSES RO63094 ABEND S0C4 IN TSSKECA+30EC WITH FLOATING MASK '-' RO63236 TSSXTEND JCL DEFAULTS SUPPLIED WITH VSAM FILES COMMENTED OUT RO64045 PASSWORD CHANGE IN CLEAR TEXT SENT TO CMGR RO64145 CIA0821E CIA/RT SQL ERROR - SQLCODE= RO64540 SP-252 KEY-0 DEADMAIN STORAGE SAFKDATA RO64641 NEW RDT ENTRY DB2VAR FOR DB2 11 RO64820 TSS LIST ARCHIVE CONTAINS ACEDEFAU RO64829 LIST/ARCHIVE COMMAND OF SCTYKEY(*ALL*) ERROR RO64997 TSS ADD(USER) GID(?) GETS DUPLICATE ENTRY IN SAF TABLE RO65209 LIST NDT SESSKEY W/OUT ADMIN DATA(SESSKEY) RO65237 SPECIFYING LABLPKDS INVALID DURING RENEWAL OF CERTIFICATE RO65643 PRIVATE KEY NOT REMOVED FROM ICSF WHEN FORCE SPECIFIED RO65763 SA03 ABEND AT TSS SHUTDOWN RO65913 ENHANCE CLIST TSSBRWZ IN SPLIT SCREEN ENV RO67514 GETUMAP RETURN '*MSCA*' EVEN IF ACEE HAS UID=0 **HIPER** RO67810 AUTOUID/UNIQUSER NOT WORKING IF TCBSENV POPULATED **HIPER** The CA RS 1403 service count for this FMID is 22

4 CA Top Secret Security for z/os 4 CA RS 1403 Service List for CAKOF01 FMID Service Description Hiper CAKOF01 RO61990 CICS NON QR TCB BYPASSING SECURITY CHECKS RO62836 CICS QUERY SECURITY WITH "+A" SUPPORT RO64897 CICS TIGHTEN STORAGE MANAGEMENT FOR THREADSAFE The CA RS 1403 service count for this FMID is 3

5 CA Top Secret Security for z/os 5 CA RS 1403 Service List for CAKOF02 FMID Service Description Hiper CAKOF02 RO62599 IMS: ADD SUPPORT FOR IMS 13.1 The CA RS 1403 service count for this FMID is 1

6 CA Top Secret Security for z/os 6 CA RS 1403 Service List for CAKOF03 FMID Service Description Hiper CAKOF03 RO65119 IDMS 18.5 APPLICATION GETS RC=16 W/ TSSMAI The CA RS 1403 service count for this FMID is 1

7 CA Top Secret Security for z/os CA RS PTF RO RO56578 RO56578 M.C.S. ENTRIES = ++PTF (RO56578) S378 ABENDS ON CPF COMMANDS WITH ARCHIVE KEYWORD If a TSS LIST command with the ARCHIVE keyword is sent to another system using CPF, an S378 abend will occur while processing the command. TSS9190A CA-TSS COMMAND PROCESSOR ABEND S378 IN TSSAUTH1+xxxxx CCSR010E TSSAUTHZ S378 at 1D6905AA LMOD TSSAUTH CSECT TSSAUTAR+xxxxxx Command will abend on all remote systems and will likely hang on the sending system, making the command processor unavailable for further commands. Since all outbound CPF commands with WAIT(Y) may use this processor, no such commands can be issued. Run any ARCHIVE commands with TARGET(=) specified. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9415 Copyright (C) 2013 CA. All rights reserved. R00765-TSS150-SP1 DESC(S378 ABENDS ON CPF COMMANDS WITH ARCHIVE KEYWORD). PRE ( RO22442 RO25119 RO35644 RO36198 ) SUP ( TR56578 ) ++HOLD (RO56578) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13312) CA Top Secret for z/os Release 15.0 SEQUENCE After APPLY PURPOSE Resolve S378 abends on CPF commands with ARCHIVE keyword USERS AFFECTED All users that leverage the TSS ARCHIVE command and CPF KNOWLEDGE 1- Product Administration 2- SMP/E REQUIRED 3- z/os Systems Programming 4- Security Administration ACCESS REQUIRED SMP/E CSI libraries SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

8 CA Top Secret Security for z/os CA RS PTF RO RO58844 RO58844 M.C.S. ENTRIES = ++PTF (RO58844) UPDATE CIA REAL-TIME TO RE-SYNC WITH COMMON CODE Changes were made to the common code for the CIA REAL-TIME product. This apar will just keep the Top Secret specific code for REAL-TIME in sync with the common code update. None. None. The code works correctly as distributed. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9442 Copyright (C) 2013 CA. All rights reserved. R00793-TSS150-SP1 DESC(UPDATE CIA REAL-TIME TO RE-SYNC WITH COMMON CODE). PRE ( RO36198 RO36912 RO47730 RO50925 ) SUP ( TR58844 ) ++HOLD (RO58844) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13344) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Keep CIA Real Time code in sync with common code. USERS AFFECTED None. No external symptoms. KNOWLEDGE REQUIRED SMP/E knowledge. ACCESS 1- Product Administration 2-SMP/E REQUIRED 3- z/os Systems programming 4- Security Administration SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

9 CA Top Secret Security for z/os CA RS PTF RO RO60107 RO60107 M.C.S. ENTRIES = ++PTF (RO60107) CIA DATACOM INSTALL JCL IMPROVEMENTS JCL member CIADCOM does not delete existing data sets IXX3600, G013600, and G prior to re-allocation. JCL member CIALINKC updated target data set SYSLMOD to point at the Datacom CUSLIB and eliminate the CAI.CIADCOM reference. JCL member CIAMUF updated to remove reference to unnecessary data set CAI.CIADCOM. CIADCOM job step ALLOCATE will fail if you run JCL CIADCOMD to delete a previously installed CIA Datacom data base. You will have to physically delete the listed data sets in order for the ALLOCATE step to run successfully. Use ISPF to delete data sets IXX3600, G013600, and G PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9454 Copyright (C) 2013 CA. All rights reserved. R00816-TSS150-SP1 DESC(CIA DATACOM INSTALL JCL IMPROVEMENTS). PRE ( RO47608 RO47730 RO50925 ) SUP ( TR60107 )

10 CA Top Secret Security for z/os CA RS PTF RO RO61554 RO61554 M.C.S. ENTRIES = ++PTF (RO61554) S878 ISSUING CIARTUPD,STATUS COMMANDS Issuing CIA real-time status commands can cause a DEADMAIN of buffers in below the line memory, subpool 0 key 8. The problem can occur when issuing numerous STATUS commands over time. The CIARTUPD address space ABENDS with S in module CIARTSTS. CIA real-time events will no longer be sent. Do not issue CIA STATUS commands numerous times. If the region ABENDS the CIARTUPD address space can be restarted. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS 9475 Copyright (C) 2013 CA. All rights reserved. R00841-TSS150-SP1 DESC(S878 ISSUING CIARTUPD,STATUS COMMANDS). PRE ( RO36198 RO47730 ) SUP ( TR61554 ) ++HOLD (RO61554) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13277) PRODUCT: CA-TOP SECRET-MVS RELEASE 15.0 SEQUENCE: AFTER APPLY. Purpose: This APAR corrects the following problems: 1. S while issue numerous CIA STATUS commands Relevance: All users that are using CIA REALTIME Knowledge required: 1- Product Administration 2- SMP/E 3- z/os Systems Programming 4- Security Administration Access required: SMP/E CSI libraries Steps to Perform: SMP APPLY, LLA REFRESH and a restart CIA REALTIME is required to install this APAR.

11 CA Top Secret Security for z/os CA RS PTF RO RO61990 RO61990 M.C.S. ENTRIES = ++PTF (RO61990) CICS NON QR TCB BYPASSING SECURITY CHECKS Code designed to prevent cache box corruption under non-qr TCB validations may cause validations to be bypassed. The non-qr TCB authorization checking is normally done within Non-terminal high performance transactions such as JAVA or other workloads running under non-qr TCB's. Security checks could be treated as if the transaction was on the TRANID bypass list. Example: Query security calls will not function correctly. Potentially those running and securing these types of transactions may experience them running outside of the QR TCB. None PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 Release 14.0 TSSMVS 9481 Copyright (C) 2013 CA. All rights reserved. R00846-TSS150-SP1 DESC(CICS NON QR TCB BYPASSING SECURITY CHECKS). FMID (CAKOF01) SUP ( AR43979 TR48398 RO48398 TR61990 ) ++HOLD (RO61990) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13344) CA Top Secret for z/os CICS Component Release 15.0 SEQUENCE After Apply PURPOSE Correct the cachebox bypass processing for NON QR TCB USERS AFFECTED All CICS Regions executing Non QR TCB's. KNOWLEDGE 1- Product Adminstration 2- SMP/E REQUIRED 3- Z/OS Systems programming 4- Security Administration ACCESS REQUIRED SMP/E CSI Libraries SMP APPLY, LLA REFRESH and a restart CICS region is required to install this APAR.

12 CA Top Secret Security for z/os CA RS PTF RO RO62598 RO62598 M.C.S. ENTRIES = ++PTF (RO62598) IMS: ADD SUPPORT FOR IMS V13 IBM has released IMS V13. The solutions for this problem provide support for IMS V13 in the CA Top Secret for z/os IMS option under Top Secret release Not applicable. Without this support, the Top Secret IMS interface will not function in an IMS V13 environment. Not applicable. PRODUCT(S) AFFECTED: CA-Top Secret-IMS Release 15.0 TSSMVS 9325 Copyright (C) 2013 CA. All rights reserved. R00848-TSS150-SP1 DESC(IMS: ADD SUPPORT FOR IMS 13.1). SUP ( TR27587 RO27587 TR52677 TR62598 ) ++IF FMID(CAKOF02) REQ( RO62599). ++HOLD (RO62598) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13249) PRODUCT: CA-TOP SECRET-MVS RELEASE 15.0 SEQUENCE: AFTER APPLY Purpose: Add support for IMS V13 Relevance: All IMS clients that are running IMS V13 Knowledge required: 1. Product Administration 2. SMP/E 3. z/os Systems Programming Access required: SMP/E CSI libraries Steps to Perform: 1. F LLA,REFRESH 2. Restart TSS with,,,reinit 3. Bring up IMS V13

13 CA Top Secret Security for z/os CA RS PTF RO RO62599 RO62599 M.C.S. ENTRIES = ++PTF (RO62599) IMS: ADD SUPPORT FOR IMS V13 IBM has released IMS V13. The solutions for this problem provide support for IMS V13 in the CA Top Secret for z/os IMS option under Top Secret release Not applicable. Without this support, the Top Secret IMS interface will not function in an IMS V13 environment. Not applicable. PRODUCT(S) AFFECTED: CA-Top Secret-IMS Release 15.0 TSSMVS 9325 Copyright (C) 2013 CA. All rights reserved. R00848-TSS150-SP1 DESC(IMS: ADD SUPPORT FOR IMS 13.1). FMID (CAKOF02) SUP ( TR52678 TR62599 ) ++IF FMID(CAKOF00) REQ( RO62598). ++HOLD (RO62599) SYSTEM FMID(CAKOF02) REASON (ACTION ) DATE (13249) PRODUCT: CA-TOP SECRET-MVS RELEASE 15.0 SEQUENCE: F LLA,REFRESH, THEN RESTART TSS WITH,,,REINIT Bring up the IMS V13 region Purpose: Add support for IMS V13 Relevance: All IMS client that are running IMS V13 Knowledge required: 1- Product Administration 2- SMP/E 3- z/os Systems Programming Access required: SMP/E CSI libraries Steps to Perform: F LLA,REFRESH, then restart TSS with,,,reinit Bring up IMS V13

14 CA Top Secret Security for z/os CA RS PTF RO RO62765 RO62765 M.C.S. ENTRIES = ++PTF (RO62765) ABEND 0C4 WITH CIA, GARBAGE HI-ORDER WORD 64-BIT ADDRESSES There is a possibility of an S0C4 abend in various CIA logger modules due to garbage in the hi-order word of a 64-bit address. This will only happen when the z/os system trap IEAINITREGSTASK is active and the control option CIART(ACTIVE) is selected. The following abends / messages occur during initialization: CAS2260E CIARTLGI S0C4 at xxxxxxxx LMOD CIARTLGI CSECT N/A CAS2260E CIARTLGR S0C4 at xxxxxxxx LMOD CIARTLGM CSECT N/A The CIA real time logger task will not activate correctly. Turn off the z/os sytem diagnostic trap IEAINITREGSTASK. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9485 Copyright (C) 2013 CA. All rights reserved. R00849-TSS150-SP1 DESC(ABEND 0C4 WITH CIA, GARBAGE HI-ORDER WORD 64-BIT ADDRESSES). PRE ( RO36198 RO36929 ) SUP ( TR62765 ) ++HOLD (RO62765) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13344) SEQUENCE AFTER APPLY PURPOSE Allow use of CIA real time logger task without abends when using diagnostic trap IEAINITREGSTASK. USERS AFFECTED All users that leverage CIA Real Time feature. KNOWLEDGE 1- Product Administration 2- SMP/E REQUIRED 3- z/os Systems Programming 4- Security Administration ACCESS REQUIRED SMP/E CSI libraries 1. F LLA,REFRESH 2. TSS,REFRESH(SAF) 3. TSS,CIART(DISCONNECT) 4. TSS,CIART(INACTIVE) 5. TSS,CIART(ACTIVE)

15 CA Top Secret Security for z/os CA RS PTF RO RO62836 RO62836 M.C.S. ENTRIES = ++PTF (RO62836) CICS QUERY SECURITY WITH "+A" SUPPORT The EXEC CICS Query Security command does not work with "+A" support for the TRANID bypass list. Security checks that should be allowed are failed, even though the transaction id is in the TRANID bypass with "+A". One cannot use "+A" support to monitor query security calls. None. PRODUCT(S) AFFECTED: CA Top Secret for Z/OS Release 15.0 CA Top Secret for z/os Release 14.0 TSSMVS 9486 Copyright (C) 2013 CA. All rights reserved. R00850-TSS150-SP1 DESC(CICS QUERY SECURITY WITH "+A" SUPPORT). FMID (CAKOF01) SUP ( TR49273 TR49994 TR57223 TR57586 RO49994 RO57586 TR62836 ) ++HOLD (RO62836) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13280) PRODUCT: CA TOP SECRET FOR Z/OS CICS COMPONENT RELEASE 15.0 SEQUENCE: AFTER APPLY Purpose: CICS Query Security Commands to work with "+A" TRANID bypass list support. Relevance: Client using the "+A" support to bypass list and Query Security command in CICS. Knowledge required: 1- Product Administration 2- SMP/E 3- z/os Systems Programming 4- CICS Systems Programming Access required: SMP/E CSI libraries Steps to Perform: F LLA,REFRESH, then recycle CICS region

16 CA Top Secret Security for z/os CA RS PTF RO RO63094 RO63094 M.C.S. ENTRIES = ++PTF (RO63094) ABEND S0C4 IN TSSKECA+30EC WITH FLOATING MASK '-' When using Compliance Manager, an S0C4 abend can occur in program TSSKECA at offset 30EC. This can occur if the permission used to grant or deny resource access has been defined with the floating mask character '-'. When an abend does not occur, the event record delivered to Compliance Manager will contain invalid data in the CA Top Secret permission area of the event record. TSS9999E CA-TSS SECURITY SVC ABEND S0C4 IN TSSKERNL+1228C (TSSKECA+30EC) An SVCDUMP will be taken for the abend. The task issuing the resource check that abends should recover. Do not use floating mask permissions for prefixed resources. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9490 Copyright (C) 2013 CA. All rights reserved. R00858-TSS150-SP1 DESC(ABEND S0C4 IN TSSKECA+30EC WITH FLOATING MASK '-'). PRE ( RO26450 RO47730 RO55678 ) SUP ( RO24344 RO25077 RO27279 RO41076 RO48059 RO53077 RO54379 RO55069 TR24211 TR24344 TR25077 TR27279 TR41076 TR44357 TR48059 TR53077 TR54379 TR54504 TR55069 TR63094 ) ++HOLD (RO63094) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13263) PRODUCT: CA TOP SECRET FOR Z/OS RELEASE 15.0 SEQUENCE: AFTER APPLY. Purpose: Allow use of Compliance Manager event generation without abends when resource permissions contain a floating mask. Relevance: All clients using Compliance Manager with Top Secret. Knowledge required: 1- Product Administration 2- SMP/E 3- z/os Systems Programming Access required: SMP/e CSI libraries Steps to Perform: 1. F LLA,REFRESH 2. Restart TSS with,,,reinit

17 CA Top Secret Security for z/os CA RS PTF RO RO63236 RO63236 M.C.S. ENTRIES = ++PTF (RO63236) TSSXTEND JCL DEFAULTS SUPPLIED WITH VSAM FILES COMMENTED OUT The TSSXTEND JCL sample supplied with the product includes the SECOVSM and SECNVSM files commented out. TSSXTEND will run in this situation but will not produce an r15 usable security file as there will be no VSAM companion file. No security certificates will exist. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9239 Copyright (C) 2013 CA. All rights reserved. R00862-TSS150-SP1 DESC(TSSXTEND JCL DEFAULTS SUPPLIED WITH VSAM FILES COMMENTED OUT). SUP ( TR55338 TR55343 RO55343 TR63236 )

18 CA Top Secret Security for z/os CA RS PTF RO RO64045 RO64045 M.C.S. ENTRIES = ++PTF (RO64045) PASSWORD CHANGE IN CLEAR TEXT SENT TO CMGR If a 'TSS REPL(userid)PASSWORD(abcdefgh)' command is issued, the password will be recorded in the CA Compliance Manager logstream in clear text. It should be 'TSS REPL(userid)PASSWORD(SUPPRESSED)' Password change is recorded in clear text to CA Compliance Manager. Password change is recorded in clear text to CA Compliance Manager. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9495 Copyright (C) 2013 CA. All rights reserved. R00876-TSS150-SP1 DESC(PASSWORD CHANGE IN CLEAR TEXT SENT TO CMGR). PRE ( RO26450 RO47730 RO55678 ) SUP ( RO24344 RO25077 RO27279 RO41076 RO48059 RO53077 RO54379 RO55069 RO63094 TR24211 TR24344 TR25077 TR27279 TR41076 TR44357 TR48059 TR53077 TR54379 TR54504 TR55069 TR63094 TR63379 TR64045 ) ++HOLD (RO64045) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13344) SEQUENCE AFTER APPLY PURPOSE Password change in CMGR displays in clear text. USERS AFFECTED All users that leverage CMGR. KNOWLEDGE 1- Product Administration 2- SMP/E REQUIRED 3- z/os Systems Programming 4- Security Administration ACCESS REQUIRED SMP/E CSI libraries SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

19 CA Top Secret Security for z/os CA RS PTF RO RO64145 RO64145 M.C.S. ENTRIES = ++PTF (RO64145) CIA0821E CIA/RT SQL ERROR - SQLCODE= If using CIA/RT and a 'TSS ADD(deptacid) DSN(xxxx) UNDERCUT' command is issued, it is possible that the SQL command for 'Event: ADDTO org ACID' could fail with the following error message: CIA0821E CIA/RT SQL ERROR - SQLCODE= DSNT408I SQLCODE = -180, ERROR: THE DATE, TIME, OR TIMESTAMP VALUE *N IS INVALID SQL command fails as reported in the CIA/RT journal file with: CIA0821E CIA/RT SQL ERROR - SQLCODE= DSNT408I SQLCODE = -180, ERROR: THE DATE, TIME, OR TIMESTAMP VALUE *N IS INVALID Updates for the TSS command will not be reflected in the DB2 or CA DATACOM databases. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9503 Copyright (C) 2013 CA. All rights reserved. R00877-TSS150-SP1 DESC(CIA0821E CIA/RT SQL ERROR - SQLCODE= - 180). PRE ( RO36198 ) SUP ( TR64145 ) ++HOLD (RO64145) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13340) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Address CIA/RT SQL ERROR USERS All users that leverage CIA/RT. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of CIA/RT region to install this APAR.

20 CA Top Secret Security for z/os CA RS PTF RO RO64540 RO64540 M.C.S. ENTRIES = ++PTF (RO64540) SP-252 KEY-0 DEADMAIN STORAGE SAFKDATA If a large number of R_datalib Function=DataGetFirst are issued the data passed, getmained in SP-252 KEY=0 with an eyecatcher of SAFKDATA is not being released and could result in the address space running out of storage. S878 and out of storage condition. The region needs to be recycled. Recycle of address space. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS 9487 Copyright (C) 2013 CA. All rights reserved. R00882-TSS150-SP1 DESC(SP-252 KEY-0 DEADMAIN STORAGE SAFKDATA). PRE ( RO25900 RO35644 RO36198 RO55678 ) SUP ( TR62950 TR64540 ) ++HOLD (RO64540) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13338) CA Top Secret for z/os Release 15.0 SEQUENCE AFTER APPLY PURPOSE Address SP-252 KEY-0 DEADMAIN STORAGE USERS All users issuing large number R_datalib AFFECTED Function=DataGetFirst KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

21 CA Top Secret Security for z/os CA RS PTF RO RO64641 RO64641 M.C.S. ENTRIES = ++PTF (RO64641) NEW RDT ENTRY DB2VAR FOR DB2 11 ROBLEM DESCRIPTION: Add new RDT entry for resource DB2VAR. This resource is needed for DB2 11. Missing RDT entry DB2VAR. Not applicable. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9397 Copyright (C) 2013 CA. All rights reserved. R00885-TSS150-SP1 DESC(NEW RDT ENTRY DB2VAR FOR DB2 11). PRE ( RO18634 RO19256 RO35644 RO36198 ) SUP ( TR31217 RO31217 TR55095 TR56352 TR64641 ) ++HOLD (RO64641) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13305) CA Top Secret for z/os Release 15.0 SEQUENCE AFTER APPLY PURPOSE NEW RDT ENTRY DB2VAR FOR DB2 V11 USERS All users that levarge DB2 V11 AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR.

22 CA Top Secret Security for z/os CA RS PTF RO RO64820 RO64820 M.C.S. ENTRIES = ++PTF (RO64820) TSS LIST ARCHIVE CONTAINS ACEDEFAU If a user has the XSUSPEND attribute a 'TSS LIST(acid) ARCHIVE' results in an invalid 'TSS ADDTO(acid) ACEDEFAU' command being generated. Invalid 'TSS ADDTO(acid) ACEDEFAU' command after ARCHIVE. Command generated by 'TSS LIST() ARCHIVE' will fail. Command can be removed manually from generated output. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9494 Copyright (C) 2013 CA. All rights reserved. R00889-TSS150-SP1 DESC(TSS LIST ARCHIVE CONTAINS ACEDEFAU). PRE ( RO48091 RO52580 RO53544 RO59130 ) SUP ( RO18633 RO19414 RO21317 TR17158 TR17988 TR18043 TR18633 TR19414 TR21317 TR25830 RO25830 TR29063 RO29063 TR30280 RO30280 TR55736 AR52580 RO55736 TR56568 TR57038 RO57038 TR63353 TR64820 ) ++HOLD (RO64820) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13312) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE TSS LIST ARCHIVE CONTAINS ACEDEFAU USERS All users that levarge TSS LIST ARCHIVE cmd. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

23 CA Top Secret Security for z/os CA RS PTF RO RO64829 RO64829 M.C.S. ENTRIES = ++PTF (RO64829) LIST/ARCHIVE COMMAND OF SCTYKEY(*ALL*) ERROR If a LIST/ARCHIVE command is issued for an acid that has all 256 security keys, the command being generated is: TSS ADDTO(userid1) SCTYKEY(*AL,*,) LIST/ARCHIVE command produces invalid TSS command. LIST/ARCHIVE command produces invalid TSS command. Manually modify TSS command. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS 9478 Copyright (C) 2013 CA. All rights reserved. R00890-TSS150-SP1 DESC(LIST/ARCHIVE COMMAND OF SCTYKEY(*ALL*) ERROR). PRE ( RO18634 RO19256 RO20497 ) SUP ( TR21636 RO21636 TR23570 RO23570 TR52490 RO52490 TR59797 RO59797 TR61760 TR64829 ) ++HOLD (RO64829) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13312) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Correct LIST/ARCHIVE command for SCTYKEY(*ALL*) USERS All users that leverage LIST/ARCHIVE command. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

24 CA Top Secret Security for z/os CA RS PTF RO RO64897 RO64897 M.C.S. ENTRIES = ++PTF (RO64897) CICS TIGHTEN STORAGE MANAGEMENT FOR THREADSAFE CA Top Secret for z/os CICS support assumes that all of its internal storage management requests will occur under the QR TCB and thus will be implicitly serialized. CICS programs defined with the THREADSAFE or FULLAPI attribute will run under separate L8 and L9 TCBs respectively, and this can cause requests from CA Top Secret/CICS to its subtask to become lost. Additionally, a timing interplay between the CA Top Secret storage requestor and the subtask can cause a request to be lost. Either of these situations, if it occurs, will cause a KR02 abend in the task which was requesting a new KTRT or KSRT control block. The KR02 abend may be followed by other abends caused by the fact that the expected control block was not obtained. If either of these problems occurs, a transaction will abend with a KR02 CICS abend code. ASRA abends and/or CICS DFHxxxxx messages may follow. The task on whose behalf Top Secret/CICS was attempting to get a control block will be terminated. Normally the CICS region does not abend, although it is possible that the succeeding abends as the original task is removed from the system may bring the region down. None. This is purely a timing problem and nothing the site can do will prevent it completely. PRODUCTS AFFECTED: CA Top Secret for z/os CICS option Release 14.0 Release 15.0 PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9113 Copyright (C) 2013 CA. All rights reserved. R00892-TSS150-SP1 DESC(CICS TIGHTEN STORAGE MANAGEMENT FOR THREADSAFE). FMID (CAKOF01) PRE ( RO26389 RO32608 RO35678 RO43979 RO55378 ) SUP ( TR25733 AR35678 RO25733 TR31788 TR38667 RO38667 TR46000 TR46119 RO46119 TR50439 AR50439 TR53765 RO50439 RO53765 TR64897 ) ++HOLD (RO64897) SYSTEM FMID(CAKOF01) REASON (ACTION ) DATE (13315) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE CICS tighten storage management for threadsafe USERS All users that levarge CICS. AFFECTED CA Top Secret for z/os CICS Component Release 15.0 REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED

25 CA Top Secret Security for z/os CA RS PTF RO64897 SMP APPLY, LLA REFRESH and a restart of the CICS region is required to install this APAR.

26 CA Top Secret Security for z/os CA RS PTF RO RO64997 RO64997 M.C.S. ENTRIES = ++PTF (RO64997) TSS ADD(USER) GID(?) GETS DUPLICATE ENTRY IN SAF TABLE When a GID is added to a user that already has a GID, the SAF table may get a duplicate entry. TSS ADD(user) GID(?) was the command issued. OMVS ID command may list 2 groups for the user. Incorrect output for OMVS ID command. Remove the GID before adding the new one. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9507 Copyright (C) 2013 CA. All rights reserved. R00895-TSS150-SP1 DESC(TSS ADD(USER) GID(?) GETS DUPLICATE ENTRY IN SAF TABLE). PRE ( RO55678 RO63740 ) SUP ( TR64896 TR64997 ) ++HOLD (RO64997) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13317) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Eliminate duplicate entries in SAF UID/GID table USERS All users that leverage OMVS AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR.

27 CA Top Secret Security for z/os CA RS PTF RO RO65119 RO65119 M.C.S. ENTRIES = ++PTF (RO65119) IDMS 18.5 APPLICATION GETS RC=16 W/ TSSMAI An application program that calls TSSMAI gets RC=16 when IDMS release 18.5 is used. This apar provides TSSMAI support for IDMS release On return from an Application Interface call the calling program would receive Return Code 16 and Stat code 8. Application Interface calls in IDMS v18.5 fail. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9514 Copyright (C) 2013 CA. All rights reserved. R00896-TSS150-SP1 DESC(IDMS 18.5 APPLICATION GETS RC=16 W/ TSSMAI). FMID (CAKOF03) PRE ( RO23580 RO60755 ) SUP ( TR65119 ) ++HOLD (RO65119) SYSTEM FMID(CAKOF03) REASON (ACTION ) DATE (13330) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE IDMS 18.5 APPLICATION GETS RC=16 W/ TSSMAI USERS All users that leverage TSSMAI in IDMS 18.5 AFFECTED CA Top Secret for z/os IDMS Component Release 15.0 REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and recycle region to install this APAR

28 CA Top Secret Security for z/os CA RS PTF RO RO65209 RO65209 M.C.S. ENTRIES = ++PTF (RO65209) LIST NDT SESSKEY W/OUT ADMIN DATA(SESSKEY) An admininstrator without ADMIN DATA(SESSKEY) authority, can still view SESSKEY information by issuing the following command: TSS LIST(NDT) DATA(ALL,SESSKEY) The SESSKEY is displayed along with the associated application. SESSKEY data displayed without ADMIN DATA(SESSKEY Administrator can view SESSKEY data without proper authorization. None. PRODUCT(S) AFFECTED: TSSMVS Release 15.0 TSSMVS 9515 Copyright (C) 2013 CA. All rights reserved. R00897-TSS150-SP1 DESC(LIST NDT SESSKEY W/OUT ADMIN DATA(SESSKEY)). PRE ( RO18634 RO19256 RO20497 ) SUP ( TR21636 RO21636 TR23570 RO23570 TR52490 RO52490 TR59797 RO59797 TR61760 TR64829 RO64829 TR65209 ) ++HOLD (RO65209) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13330) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Correct LIST(NDT) DATA(ALL,SESSKEY) W/OUT ADMIN SESSKEY USERS All users that leverage TSS command. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS with REINIT is required to install this APAR.

29 CA Top Secret Security for z/os CA RS PTF RO RO65237 RO65237 M.C.S. ENTRIES = ++PTF (RO65237) SPECIFYING LABLPKDS INVALID DURING RENEWAL OF CERTIFICATE During a renewal of certificate, it is invalid to specify LABLPKDS parm, if the add of the signed certificate is reattaching the private key. When listing the newly added certificate, the LABLPKDS will be corrupted. Attempting to remove the certificate it will fail with: 'CAS20E0E ICSF CSNDKRD service error - RC=8 RSN=16032' The certificate cannot be used. Do not specify LABLPKDS with the TSS ADD command, when renewing a certificate. To remove the certificate, specify 'FORCE' keyword at the end of the TSS REMOVE command. Ex: TSS REMOVE(XXXXXXXX) DIGICERT(CERTONE) FORCE PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 CA Top Secret for z/os Release 14.0 TSSMVS 9508 Copyright (C) 2013 CA. All rights reserved. R00898-TSS150-SP1 DESC(SPECIFYING LABLPKDS INVALID DURING RENEWAL OF CERTIFICATE). PRE ( RO25900 RO35644 RO36198 RO55678 RO63740 RO63941 ) SUP ( TR55073 TR55074 TR64623 TR65237 ) ++HOLD (RO65237) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13324) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE To prevent one from specifying LABLPKDS when renewing a certificate sharinf a private key USERS All users leveraging TSS Digital Certificate AFFECTED KNOWLEDGE 1 - Product Administration REQUIRED 2 - SMP/E 3 - z/os Systems Programming 4 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. LLA Refresh 2. Recycle the TSS,,,REINIT

30 CA Top Secret Security for z/os CA RS PTF RO RO65643 RO65643 M.C.S. ENTRIES = ++PTF (RO65643) PRIVATE KEY NOT REMOVED FROM ICSF WHEN FORCE SPECIFIED Private key not removed from ICSF when FORCE specified on TSS REMOVE command for a certificate. The certificate is removed. TSS REM(user) DIGICERT(cert) FORCE does not remove the private key from ICSF. Data is left in ICSF. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9519 Copyright (C) 2013 CA. All rights reserved. R00902-TSS150-SP1 DESC(PRIVATE KEY NOT REMOVED FROM ICSF WHEN FORCE SPECIFIED). PRE ( RO25900 RO35644 RO36198 RO55678 RO63740 RO63941 ) SUP ( TR55073 TR55074 TR64623 TR65237 RO65237 TR65643 ) ++HOLD (RO65643) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13338) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE To delete private key from ICSF when TSS REMOVE command is issued to remove a digital certificate. USERS All users leveraging TSS Digital Certificate AFFECTED KNOWLEDGE 1-1- Product Administration REQUIRED 2 - SMP/E 3 - z/os Systems Programming 4 - Security Administration ACCESS SMP/E CSI Libraries REQUIRED 1. LLA Refresh 2. Recycle the TSS,,,REINIT

31 CA Top Secret Security for z/os CA RS PTF RO RO65763 RO65763 M.C.S. ENTRIES = ++PTF (RO65763) SA03 ABEND AT TSS SHUTDOWN When CSA storage allocation reaches a high percentage due to TSS table reloads, TSS defers updating the tables until the storage usage is reduced. AT that time TSSTIMER issues a PTABL call to reload all tables. SFSBSCER call LOAD_CA_CERTS which will attach a subtask to load the predefined certificates. This causes multiple subtasks to be loaded and TSSSFS will only detach one of them. This will cause a SA03 abend at shutdown. TSS gets a SA03 abend at shutdown. A system dump is taken. None. PRODUCT(S) AFFECTED: CA-TOP SECRET-MVS Release 15.0 TSSMVS 9522 Copyright (C) 2013 CA. All rights reserved. R00908-TSS150-SP1 DESC(SA03 ABEND AT TSS SHUTDOWN). PRE ( RO18784 RO36198 RO38472 RO43262 RO55678 RO58366 RO63740 ) SUP ( TR16707 TR18055 TR24214 TR24363 RO24363 TR26651 RO26651 TR28221 RO28221 TR28502 RO28502 TR34459 TR34711 TR36584 TR38053 TR41151 TR32201 TR41664 TR41767 TR45152 AR41767 TR45566 RO38053 RO41151 RO41767 RO45152 RO45566 TR50024 RO50024 TR52334 RO52334 TR65763 ) ++HOLD (RO65763) SYSTEM FMID(CAKOF00) REASON (ACTION ) DATE (13343) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Avoid SA03 abend at shutdown. USERS All users. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH and a restart of TSS is required to install this APAR.

32 CA Top Secret Security for z/os CA RS PTF RO RO65913 RO65913 M.C.S. ENTRIES = ++PTF (RO65913) ENHANCE CLIST TSSBRWZ IN SPLIT SCREEN ENV Enhance the TSSBRWZ clist to enter a tss command multiple times in a split screen environment. TSSBRWZ can not be used in a split screen environment. TSSBRWZ can not be used in a split screen environment. None. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9530 Copyright (C) 2013 CA. All rights reserved. R00912-TSS150-SP1 DESC(ENHANCE CLIST TSSBRWZ IN SPLIT SCREEN ENV). SUP ( TR65913 ) ++HOLD (RO65913) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (13353) CA Top Secret for z/os Release 15.0 SEQUENCE AFTER APPLY PURPOSE Enhance CLIST TSSBRWZ in split screen environment USERS All users that leverage the TSSBRWZ clist. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED SMP APPLY, LLA REFRESH is required to install this APAR.

33 CA Top Secret Security for z/os CA RS PTF RO RO67514 RO67514 M.C.S. ENTRIES = ++PTF (RO67514) GETUMAP RETURN '*MSCA*' EVEN IF ACEE HAS UID=0 After CA Top Secret r15 PTF RO63740, if an application issues a getumap for UID(0), CA Top Secret returns '*MSCA*'. This change was implemented to provide consistent results for this type of call. Since the MSCA ACID is the actual owner of UID(0), '*MSCA*' was returned (not the actual name of the MSCA ACID This change is most visible on the output of a USS 'ls -l or ls -E' command. Prior to RO63740, CA Top Secret would return the current USERID if the caller of getumap (or the issuer of ls-l or ls-e) had UID(0 Otherwise, the first USERID in the UID table with UID(0) would be returned. With this corrective solution implemented, CA Top Secret reverts back to the way UID(0) was processed prior to PTF RO After RO63740, a different USERID is returned on GETUMAP calls for UID(0 The symptom of this change varies by application. Applications started with a USERID that had UID(0) such as WebSphere or OnDemand may not be able to handle the USERID of '*MSCA*'. Change the UID for the ACID to something other than UID(0) and then permit the various SUPERUSER Granularity permissions that are needed. Refer to the CA Secret Cookbook for the various permissions for SUPERUSER Granularity. File ownerships may also need to be changed for USS files owned for the ACID that was UID(0 TSSMVS 9550 Copyright (C) 2014 CA. All rights reserved. R00942-TSS150-SP1 DESC(GETUMAP RETURN '*MSCA*' EVEN IF ACEE HAS UID=0). PRE ( RO18784 RO36198 RO38472 RO43262 RO55678 RO58366 RO63740 ) SUP ( TR16707 TR18055 TR24214 TR24363 RO24363 TR26651 RO26651 TR28221 RO28221 TR28502 RO28502 TR34459 TR34711 TR36584 TR38053 TR41151 TR32201 TR41664 TR41767 TR45152 AR41767 TR45566 RO38053 RO41151 RO41767 RO45152 RO45566 TR50024 RO50024 TR52334 RO52334 RO64997 RO65763 TR64896 TR64997 TR65763 TR67205 TR67466 TR67514 BR63740 ) ++HOLD (RO67514) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14043) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Address name rename for UID(0) on getumap USERS All users that leverage getumap AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED

34 CA Top Secret Security for z/os CA RS PTF RO67514 SMP APPLY, LLA REFRESH, TSS,,,REINIT then issue 'F TSS,REFRESH(SAFAL)' to install this APAR.

35 CA Top Secret Security for z/os CA RS PTF RO RO67810 RO67810 M.C.S. ENTRIES = ++PTF (RO67810) AUTOUID/UNIQUSER NOT WORKING IF TCBSENV POPULATED With options UNIQUSER/MODLUSER set, if INITUSP callable service is called in an environment where TCB field TCBSENV is not NULL, and the user which is the subject of INITUSP has no OMVS segment, the INITUSP request fails with 8/8/24. INITUSP callable service failes with RC/RSN = 8/8/24. Applications dependent on INITUSP functionality may terminate with errors. Manually add OMVS segment fields and DFLTGRP to ACID records for which INITUSP previously failed. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9551 ADD GROUP DURING UNIQUSER/MODLUSER LOGON With options UNIQUSER/MODLUSER set, a GROUP will be added to an ACID that logs on to USS/OMVS if the user does not already have an OMVS segment. The GROUP will match the DFLTGRP found in the MODLUSER and added to the ACID as part of this process as well. None, this an enhancement to add this functionality to the existing UNIQUSER/MODLUSER processing. The ACID logging on to USS/OMVS will now have a group assignment in the ACID record after completion of the logon. You can add a GROUP entry to any ACID that needs it through Top Secret command administration. PRODUCT(S) AFFECTED: CA Top Secret for z/os Release 15.0 TSSMVS 9541 Copyright (C) 2014 CA. All rights reserved. R00947-TSS150-SP1 DESC(AUTOUID/UNIQUSER NOT WORKING IF TCBSENV POPULATED). PRE ( RO55678 RO61359 RO63740 ) SUP ( RO54316 TR54316 TR66462 TR66605 TR67221 TR67801 TR67810 CR63740 ) ++HOLD (RO67810) SYSTEM FMID(CAKOF00) REASON (DYNACT ) DATE (14052) CA Top Secret for z/os Release 15.0 SEQUENCE After Apply PURPOSE Add MODLUSER DFLTGRP as a GROUP on user USERS All users that leverage UNIQUSER and MODLUSER. AFFECTED KNOWLEDGE 1- Product Administration 3- z/os Systems Programming REQUIRED 2- SMP/e 4- Security Administration ACCESS SMP/e CSI libraries REQUIRED

36 CA Top Secret Security for z/os CA RS PTF RO67810 SMP APPLY, LLA REFRESH, TSS,,,REINIT to install this APAR.