z/OS Cryptographic Services ICSF Application Programmer's Guide
Previous topic
|
Next topic
|
Contents
|
Index
|
Contact z/OS
|
Library
|
PDF
Authorization
z/OS Cryptographic Services ICSF Application Programmer's Guide
SA22-7522-16
Table 323. Authorization requirements for the token record delete callable service
Token / Object Type
PKCS #11 Role Authority Required
Token
SO (UPDATE)
Public object, except CA certificate
USER (UPDATE) or SO (READ)
Private object, except CA certificate
USER (UPDATE) or SO (CONTROL)
Public CA certificate object
USER (CONTROL) or SO (READ)
Private CA certificate object
USER (CONTROL) or SO (CONTROL)
State object
None
Note:
Session and token objects require the same authority.
See
z/OS Cryptographic Services ICSF Writing PKCS #11 Applications
for more information on the SO and User PKCS #11 roles and how ICSF determines that a certificate is a CA certificate.
Copyright IBM Corporation 1990, 2014