Authorization

z/OS Cryptographic Services ICSF Application Programmer's Guide

Authorization

z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16

Table 314. Authorization requirements for the set attribute value callable service
Action	Object	Authority required
Set	Public object, except a CA certificate	USER (UPDATE) or SO (READ)
Set	Private object, except a CA certificate	USER (UPDATE) or SO (CONTROL)
Set	Public CA certificate object	USER (CONTROL) or SO (READ)
Set	Private CA certificate object	USER (CONTROL) or SO (CONTROL)

Note:

Session and token objects require the same authority.
See z/OS Cryptographic Services ICSF Writing PKCS #11 Applications for more information on the SO and User PKCS #11 roles and how ICSF determines that a certificate is a CA certificate.