Access to services that are executed on cryptographic coprocessors
is through access control points in the Domain Role. To execute
callable services on the coprocessor, access control points must be
enabled for each service in the Role. For systems that do not use
the optional TKE Workstation, all access control points (current and
new) are enabled in the role with the appropriate microcode level
on the cryptographic coprocessor.
For TKE users who have modified the
Domain Role, all new
access control points must be enabled using the TKE workstation. For
non-TKE users, all new access control points are enabled.
Note: Some
access control points are disable by default in the Coprocessor Role.
See the ICSF Application Programmer's Guide and
z/OS Cryptographic Services ICSF Administrator's Guide for
these access control points. A TKE Workstation is required to enable
these access control points