Skip to content
CA Top Secret® for z/OS - 16.0
Documentation powered by DocOps

LIST Function—Display ACID Security Data

Last update May 13, 2016

Valid on z/OS, z/VSE, and z/VM.

Use the LIST command function to display data from the following records:

  • Security record of a specific ACID
  • Security record of all ACIDs that match a specific prefix
  • Security record of all ACIDs of a specific type
  • Security record of all ACIDs in a department and/or division
  • AUDIT, STC, NDT, RDT, FDT, DLF, SDT, APPCLU, and/or ALL records

After the ACIDs have been specified in the command, use the DATA operand to limit the output. Use the DATA(TERSE) operand to limit the security file I/O.

TSS LIST entries vary, depending on the type of data being requested and the security record from which data is obtained. Administrators must have explicit authority (through the ADMIN - DATA command function) to list TSS data types.

CA Top Secret displays only data concerning ACIDs within the administrator's scope. An MSCA or an authorized SCA can list data for the entire site. A VCA may list data for his or her division (and all subordinate departments), and a DCA may list data for his or her department. When a DCA, VCA, or ZCA lists a user within their scope, the DEPARTMENT, DIVISION, and ZONE are included in the display.

ACIDs are listed first by division, then by the department within the division. User and profile ACIDs are listed in alphabetical order within an organizational grouping.

Contents

This command function has the following format:

TSS LIST (acid) keyword(setting)
  • acid
    Specifies the ACID for which you are displaying security data. Specifying ACIDS lists data for all ACIDs that match the accompanying keyword criteria. For example, you can specify TSS LIST(ACIDS) with the DEPARTMENT keyword (and other keywords) to obtain data about all ACIDs in a department.
  • keyword(setting)
    Specifies an available keyword (and a setting for that keyword if applicable). For example, you can you can include ACIDPRFX(TEST) as part of the LIST command, where the TEST setting specifies to list all ACIDs that begin with TEST.

This command function uses the keywords:

  • ACIDPRFX
  • ARCHIVE
  • CHAIN
  • DATA
  • DEPARTMENT
  • DIGICERT

    Note: TSS LIST DIGICERT does not display the ALTNAME parameter. Only the CHKCERT command displays this parameter.
  • DISPLAY
  • DIVISION
  • FDTNAME
  • FDTCODE
  • INTO
  • ISSUERDN
  • KEYRING
  • LABLCERT
  • LABLRING
  • LINKID
  • PREFIX
  • PSTKAPPL
  • RESCLASS
  • RESCODE
  • SEGMENT
  • SERIALNUM
  • SESSKEY
  • TARGET
  • TYPE
  • ZONE

Example: List All Data for a Specific ACID

This example obtains all the data about a specific ACID and contents of all profiles connected to that ACID:

TSS LIST(acid) DATA(PROFILE,ALL)

Example: List Data for ACIDs with a Specific Prefix

This example obtains all the data about the ACIDs starting with a specific prefix and the contents of all profiles connected to those ACIDs:

TSS LIST(ACIDS) ACIDPRFX(acid_prefix)
                DATA(PROFILE,ALL)

Note: Prefixes can be from one to seven characters long.

Example: List Data for All ACIDs of a Specific Type

This example obtains data about all ACIDs of a specific type:

TSS LIST(ACIDS) TYPE(USER | PROFILE | GROUP | DCA | VCA | DEPARTMENT |
                     DIVISION | SCA | LSCA | ZONE | ZCA)
                DATA(BASIC,RESOURCE,XAUTH,LCF,SOURCE,INSTDATA,CICS,ADMIN,NAMES,
                     TSO,ACIDS,EXPIRE,PASSWORD|ALL[,PROFILE,PASSWORD,EXPIRE])

Example: List Data for All ACIDs in a Department

This example obtains data about all ACIDs in a department:

TSS LIST(ACIDS) DEPARTMENT(department acid)
                DATA(BASIC,RESOURCE,XAUTH,LCF,SOURCE,TSO,
                INSTDATA,CICS,ADMIN,NAMES,ACIDS,
                PASSWORD|ALL [,EXPIRE,PASSWORD,PROFILE])

Example: List Data for All ACIDs in a Division

This example obtains data about all ACIDs in a division:

TSS LIST(ACIDS) DIVISION(div. acid)
                DATA(BASIC,RESOURCE,XAUTH,LCF,SOURCE,TSO,
                INSTDATA,CICS,ADMIN,NAMES,ACIDS,
                PASSWORD|ALL [,EXPIRE,PASSWORD,PROFILE])

Example: List Data for All ACIDs in a Zone

This example obtains data about all ACIDs in a zone:

TSS LIST(ACIDS) ZONE(zon. acid)
                DATA(BASIC,RESOURCE,XAUTH,LCF,SOURCE,TSO,
                INSTDATA,CICS,ADMIN,NAMES,ACIDS,
                PASSWORD|ALL [,EXPIRE,PASSWORD,PROFILE])

Example: List Contents of the ALL Record

This example obtains data about the contents of the ALL record:

TSS LIST(ALL)

Example: List Contents of the DLF Record

This example obtains data about the contents of the DLF record:

TSS LIST(DLF)

Example: List Contents of the AUDIT Record

This example obtains data about the contents of the AUDIT record:

TSS LIST(AUDIT)

Example: List Contents of the STC Record

This example obtain data about the contents of the STC record:

TSS LIST(STC)

Example: List Contents of the RDT Record

This example obtains data about the contents of the RDT record:

TSS LIST(RDT)

Example: List Contents of the FDT Record

This example obtains data about the contents of the FDT record:

TSS LIST(FDT)

Example: List Contents of the NDT Record

This example obtains data about the contents of the NDT record:

TSS LIST(NDT)

Example: List SDT Record Elements

This example lists all MAP records or only a specified MAP record from the SDT:

TSS LIST(SDT) MAPREC(ALL|map_name)

Example: List Contents of the APPCLU Record

This example obtains data about the contents of the APPCLU record:

TSS LIST(APPCLU)

Example: List Contents of the MLS Record

This example obtains data about the contents of the MLS record:

TSS LIST(MLS)

Example: List Profile ACIDs Associated with USER01 by Order of Processing

This example produces a list of the profile ACIDs associated with USER01 in the order in which they are searched by the Security Algorithm:

TSS LIST(USER01) DATA(PROFILES,NOSORT)

Hard Copy Listings

Hard copy listings are obtained by using Batch TMP of TSSCFILE in z/OS and the batch utility TSSCRIPT for z/VM.

ACID Types

Use the following list to translate the ACID types that appear on the output of a TSS LIST command:

Code ACID type
DC DCA
D Department
V Division
LC LSCA
P Profile
SC SCA
ZC ZCA
VC VCA
Z Zone

Profile Sorting

When a TSS LIST(acid) DATA(PROFILES) command is issued, the profiles associated with that ACID is listed alphabetically.

To view the profiles in the order in which they are processed, enter:

TSS LIST(acid) DATA(PROFILES,NOSORT)

ACID Lists

When a TSS LIST(acid) DATA(BASIC) command is issued, the output associated with that ACID is sorted alphabetically (for example, LOCK TIME comes before TIME ZONE).

To list the segments and the fields within the segments alphabetically, enter:

TSS LIST(acid) SEGMENT(ALL)

Groupings are identified by the segment which they are in, not a header line. For example, groupings that were separated by a header line such as TSO DATA are now identified as SEGMENT TSO.

LIST in a Shared Environment

In a shared security file environment, all modifications to any SDT record type and data field made in the local system are immediately available to the TSS LIST command if entered from the same local system.

If the SDT modifications are made on a local system and the TSS LIST is attempted from a remote system, it is possible that some SDT records will not reflect the current changes as they are listed from internal tables not updated with the current data. The SDT record types and data fields that may experience this effect include:

  • CERTMAP Certificate name filter
  • CRITERIA Certificate filter criteria
  • CRITMAP Certificate filter ACID to user
  • DIGICERT Digital certificates
  • KERBLINK Kerberos foreign principals
  • KERBSEGM Kerberos principal user
  • KEYRING Certificate keyring
  • LINUXNAM Linux user name
  • REALM Kerberos local / foreign realms

For immediate access to the current TSS LIST record data for any of the included SDT record types on a remote system, enter the TSS MODIFY SYNCH command to refresh the required tables with current data from the security file.

Was this helpful?

Please log in to post comments.

  1. JOSEF THALER
    2017-04-12 02:38

    Hello CA, - Example "TSS LIST(SDT)" showed above does not work, you have to specify additional keywords. - consider to mention the new *FACSTOR display by TSS LIST(*FACSTOR) DATA(ALL) regards, Josef

    1. Kris Horgen
      2017-04-12 10:25

      Hi Josef!

      We will update the doc accordingly!

      Thanks! -Kris