document missing commands

docs/user-guide/api-mediation/configuration-extender-passtickets.md

@@ -29,7 +29,7 @@ Since the Zowe 2.17 release, it is no longer necessary to disable replay protect
 This section applies to users who do not already have PassTickets enabled in the system, or users who need to define a PassTicket for a new APPLID. If you already have an APPLID that you intend to use to define your API service, skip to the section [Configuring security to allow the Zowe API Gateway to generate PassTickets for an API service](#configuring-security-to-allow-zowe-api-gateway-to-generate-passtickets-for-an-api-service).
 
 :::tip
-To validate if a PassTicket is already defined, list the APPL and PKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the zoweuser can be determined.
+To validate if a PassTicket is already defined, list the APPL and PTKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the ZWESVUSR can be determined.
 
 - **Validating an existing PassTicket for ACF2**
 
@@ -39,19 +39,26 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
 
     In your ESM command line interface or other security environment, execute the following commands:
 
-    ```acf2
-        SET RESOURCE(SAF)
-        LIST LIKE(-)
+     1. Issue a SHOW CLASMAP command in TSO ACF to verify whether or not the APPL resource is defined in the GSO. Take note of the 3 character type code associated with APPL. If APPL does not appear in the SHOW CLASMAP listing, run the following commands:
 
-        SET RESOURCE(SAF)
-        LIST LIKE(<applid>-)
+        ```acf2
+        SET CONTROL(GSO)
+        INSERT CLASMAP.appl RESOURCE(APPL) RSRCTYPE(APL)
+        F ACF2,REFRESH(CLASMAP)
+        ```
 
+    2. Replace 'APL' with the type code listed in the SHOW CLASMAP output:
+        ```
+        SET RESOURCE(APL)
+        LIST LIKE(<applid>-)
+        ```
+    3. Verify whether PTKTDATA is defined, by executing the following commands:
+        ```
         SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
         LIST LIKE(<applid>-)
-
         SET RESOURCE(PTK)
         LIST LIKE(IRRPTAUTH-)
-    ```
+        ```
 
     - **`-`**  
         A wildcard symbol that lists all resources
@@ -74,6 +81,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         TSS WHOHAS PTKTDATA(<applid>)
         TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>.)
     ```
+    If APPL and PTKTDATA are not defined yet, follow the instruction to create them as described in the [Enabling PassTickets with Top Secret](#enabling-passtickets-with-top-secret) section.
 
     - **`.`**  
         A wildcard symbol that lists all resources
@@ -98,7 +106,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
     ```
 
-    Ensure that you validate PKTDATA access for APPL.
+    Ensure that you validate PTKTDATA access for APPL.
 
     - **`*`**  
         A wildcard symbol that resturns all resources
@@ -121,12 +129,18 @@ Follow these steps to enable PassTicket Support specific to your ESM.
 
 <summary> Click here for command details about configuring Zowe to use PassTickets using ACF2. </summary>
 
-1. In your ESM command line interface or other security environment, define the application session key by entering the following commands, if the session key is not already defined.
+1. Issue a SHOW CLASMAP command in TSO ACF to to identity the 3 character type code associated with APPL. Replace 'APL' with the type code listed in the SHOW CLASMAP output:
+   ```acf2
+   SET RESOURCE(APL)
+   RECKEY <applid> ADD(UID(<user>) ALLOW)
+   F ACF2,REBUILD(APL)
+   ```
+2. In your ESM command line interface or other security environment, define the application session key by entering the following commands, if the session key is not already defined.
 
     ```acf2
-        SET PROFILE(PTKTDATA) DIV(SSIGNON)
-        INSERT <applid> SSKEY(<key-description>)
-        F ACF2,REBUILD(PTK),CLASS(P)
+    SET PROFILE(PTKTDATA) DIV(SSIGNON)
+    INSERT <applid> SSKEY(<key-description>)
+    F ACF2,REBUILD(PTK),CLASS(P)
     ```
 
 * **`applid`**  
@@ -164,7 +178,7 @@ You configured Zowe to use PassTickets for single sign on using ACF2.
 <summary> Click here for command details about configuring Zowe to use PassTickets using Top Secret.</summary>
 
 
-Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUT`) have not already been defined as described in the previous tip.
+Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUTH`) have not already been defined as described in the previous tip.
 
 1. Update the resource descriptor table (RDT) to define the `PTKTDATA` class by entering the following commands:
 
@@ -181,11 +195,13 @@ Before you begin this procedure, verify that the `PTKTDATA` class and ownership
     Include `RESCODE(n)` in the range of 101 to 13F to make `PTKTDATA` a prefixed resource class.
     :::
 
-2.	Assign ownership for the PassTicket resource (`IRRPTAUT`). Execute the following commands: 
+2.	Assign ownership for the PassTicket resource (`IRRPTAUTH`). Execute the following commands: 
     ```
-    TSS ADDTO(department) PTKTDATA(IRRPTAUT) 
+    TSS ADDTO(<department>) PTKTDATA(IRRPTAUTH) 
     ```
-
+- **`department`**  
+  Specifies the department for `PTKTDATA(IRRPTAUTH`. The default department is `TSODEPT1`.
+
 3. Define PassTicket for application ID _applid_:
 
     ```tss
@@ -352,9 +368,23 @@ Grant the Zowe started task user ID permission to generate PassTickets for users
 
 In your ESM command line interface or other security environment, execute the following commands:
 
+**RACF:**
 ```racf
-    RLIST APPL <applid> ALL
-    RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+ RLIST APPL <applid> ALL
+ RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+```
+**TSS:**
+```tss
+TSS WHOHAS APPL(<applid>)
+TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>)
+```
+
+**ACF2:**
+```acf2
+SET RESOURCE(SAF)
+LIST LIKE(<applid>-)
+SET RESOURCE(PTK)
+LIST LIKE(IRRPTAUTH-)
 ```
 
 * **`applid`**  

docs/user-guide/configure-zos-system.md

@@ -353,31 +353,82 @@ If you have run `ZWESECUR`, you do not need to perform the steps described in th
 If you have not run `ZWESECUR` and are manually creating the user ID and groups in your z/OS environment, the commands are described below for reference.  
 
 - To create the `ZWEADMIN` group, issue the following command:
-  ```
-  ADDGROUP ZWEADMIN OMVS(AUTOGID) -
-  DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
-  ```
 
+  **RACF:**
+     ```
+     ADDGROUP ZWEADMIN OMVS(AUTOGID) -
+     DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
+     ```
+  **TSS:**
+     ```
+     TSS CREATE(<ZWEADMIN>) TYPE(GROUP) +
+       NAME('ZOWE ADMINISTRATORS') +
+       DEPT(<ADMIN_DEPARTMENT>)
+     TSS ADD(<ZWEADMIN>) GID(<ADMIN_GROUP_ID>)
+     ```
+  **ACF2:**
+     ```
+     SET PROFILE(GROUP) DIV(OMVS)
+     INSERT <ZWEADMIN> AUTOGID
+     F ACF2,REBUILD(GRP),CLASS(P)
+     ```
 - To create the `ZWESVUSR` user ID for the main Zowe started task, issue the following command:
-  ```
-    ADDUSER  ZWESVUSR -
-    NOPASSWORD -
-    DFLTGRP(ZWEADMIN) -
-    OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
-    NAME('ZOWE SERVER') -
-    DATA('ZOWE MAIN SERVER')
-  ```
+
+  **RACF:**  
+     ```
+   ADDUSER  <ZWESVUSR> -
+   NOPASSWORD -
+   DFLTGRP(<ZWEADMIN>) -
+   OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
+   NAME('ZOWE SERVER') -
+   DATA('ZOWE MAIN SERVER')
+   ```
+  **TSS:**
+   ```
+   TSS CREATE(<ZWESVUSR>) TYPE(USER) PROTECTED +
+   NAME('ZOWE MAIN SERVER') +
+   DEPT(<STC_USER_DEPARTMENT>)
+   TSS ADD(<ZWESVUSR>) GROUP(<ZWEADMIN>) +
+   DFLTGRP(<ZWEADMIN>) +
+   HOME(/tmp) OMVSPGM(/bin/sh) UID(<ZOWE_USER_UID>)
+   ```
+  **ACF2:**
+   ```
+   SET LID
+   INSERT <ZWESVUSR> STC GROUP(<ZWEADMIN>)
+   SET PROFILE(USER) DIV(OMVS)
+   INSERT <ZWESVUSR> AUTOUID HOME(/tmp) OMVSPGM(/bin/sh)
+   F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS)
+   ```
 
 - To create the `ZWESIUSR` group for the Zowe cross memory server started task, issue the following command:
-  ```
-    ADDUSER ZWESIUSR -
-    NOPASSWORD -
-    DFLTGRP(ZWEADMIN) -
-    OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
-    NAME('ZOWE XMEM SERVER') -
-    DATA('ZOWE XMEM CROSS MEMORY SERVER')
-  ```
 
+  **RACF:**  
+   ```
+   ADDUSER <ZWESIUSR> -
+   NOPASSWORD -
+   DFLTGRP(<ZWEADMIN>) -
+   OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
+   NAME('ZOWE XMEM SERVER') -
+   DATA('ZOWE XMEM CROSS MEMORY SERVER')
+   ```
+  **TSS:**
+   ```
+   TSS CREATE(<ZWESIUSR>) TYPE(USER) PROTECTED +
+    NAME('ZOWE ZIS CROSS MEMORY SERVER') +
+    DEPT(<STC_USER_DEPARTMENT>)
+   TSS ADD(<ZWESIUSR>) GROUP(<ZWEADMIN>) +
+    DFLTGRP(<ZWEADMIN>) +
+    HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.)
+   ```
+  **ACF2:**
+   ```
+   SET LID
+   INSERT <ZWESIUSR> STC GROUP(<ZWEADMIN>)
+   SET PROFILE(USER) DIV(OMVS)
+   INSERT <ZWESIUSR> AUTOUID HOME(/tmp) OMVSPGM(/bin/sh)
+   F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS)
+   ```   
 
 ### Configure ZWESLSTC to run Zowe high availability instances under ZWESVUSR user ID
 

versioned_docs/version-v2.18.x/user-guide/api-mediation/configuration-extender-passtickets.md

@@ -29,7 +29,7 @@ Since the Zowe 2.17 release, it is no longer necessary to disable replay protect
 This section applies to users who do not already have PassTickets enabled in the system, or users who need to define a PassTicket for a new APPLID. If you already have an APPLID that you intend to use to define your API service, skip to the section [Configuring security to allow the Zowe API Gateway to generate PassTickets for an API service](#configuring-security-to-allow-zowe-api-gateway-to-generate-passtickets-for-an-api-service).
 
 :::tip
-To validate if a PassTicket is already defined, list the APPL and PKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the zoweuser can be determined.
+To validate if a PassTicket is already defined, list the APPL and PTKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the ZWESVUSR can be determined.
 
 - **Validating an existing PassTicket for ACF2**
 
@@ -38,20 +38,26 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
     <summary>Click here for command details about validating an existing PassTicket for ACF2.</summary>
 
     In your ESM command line interface or other security environment, execute the following commands:
-
-    ```acf2
-        SET RESOURCE(SAF)
-        LIST LIKE(-)
-
-        SET RESOURCE(SAF)
+    1. Issue a SHOW CLASMAP command in TSO ACF to verify whether or not the APPL resource is defined in the GSO. Take note of the 3 character type code associated with APPL. If APPL does not appear in the SHOW CLASMAP listing, run the following commands:
+
+        ```acf2
+        SET CONTROL(GSO)
+        INSERT CLASMAP.appl RESOURCE(APPL) RSRCTYPE(APL)
+        F ACF2,REFRESH(CLASMAP)
+        ```
+
+    2. Replace 'APL' with the type code listed in the SHOW CLASMAP output:
+        ```acf2
+        SET RESOURCE(APL)
         LIST LIKE(<applid>-)
-
+        ```
+    3. Verify whether PTKTDATA is defined, by executing the following commands:
+        ```acf2
         SET PROFILE(PTKTDATA) DIVISION(SSIGNON)
         LIST LIKE(<applid>-)
-
         SET RESOURCE(PTK)
         LIST LIKE(IRRPTAUTH-)
-    ```
+        ```
 
     - **`-`**  
         A wildcard symbol that lists all resources
@@ -74,6 +80,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         TSS WHOHAS PTKTDATA(<applid>)
         TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>.)
     ```
+    If APPL and PTKTDATA are not defined yet, follow the instruction to create them as described in the [Enabling PassTickets with Top Secret](#enabling-passtickets-with-top-secret) section.
 
     - **`.`**  
         A wildcard symbol that lists all resources
@@ -98,7 +105,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
     ```
 
-    Ensure that you validate PKTDATA access for APPL.
+    Ensure that you validate PTKTDATA access for APPL.
 
     - **`*`**  
         A wildcard symbol that resturns all resources
@@ -121,12 +128,18 @@ Follow these steps to enable PassTicket Support specific to your ESM.
 
 <summary> Click here for command details about configuring Zowe to use PassTickets using ACF2. </summary>
 
-1. In your ESM command line interface or other security environment, define the application session key by entering the following commands, if the session key is not already defined.
-
+1. Issue a SHOW CLASMAP command in TSO ACF to to identity the 3 character type code associated with APPL. Replace 'APL' with the type code listed in the SHOW CLASMAP output:
     ```acf2
-        SET PROFILE(PTKTDATA) DIV(SSIGNON)
-        INSERT <applid> SSKEY(<key-description>)
-        F ACF2,REBUILD(PTK),CLASS(P)
+    SET RESOURCE(APL)
+    RECKEY <applid> ADD(UID(<user>) ALLOW)
+    F ACF2,REBUILD(APL)
+    ```
+2. In your ESM command line interface or other security environment, define the application session key by entering the following commands, if the session key is not already defined.
+
+    ```acf2
+    SET PROFILE(PTKTDATA) DIV(SSIGNON)
+    INSERT <applid> SSKEY(<key-description>)
+    F ACF2,REBUILD(PTK),CLASS(P)
     ```
 
 * **`applid`**  
@@ -164,7 +177,7 @@ You configured Zowe to use PassTickets for single sign on using ACF2.
 <summary> Click here for command details about configuring Zowe to use PassTickets using Top Secret.</summary>
 
 
-Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUT`) have not already been defined as described in the previous tip.
+Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUTH`) have not already been defined as described in the previous tip.
 
 1. Update the resource descriptor table (RDT) to define the `PTKTDATA` class by entering the following commands:
 
@@ -181,11 +194,13 @@ Before you begin this procedure, verify that the `PTKTDATA` class and ownership
     Include `RESCODE(n)` in the range of 101 to 13F to make `PTKTDATA` a prefixed resource class.
     :::
 
-2.	Assign ownership for the PassTicket resource (`IRRPTAUT`). Execute the following commands: 
+2.	Assign ownership for the PassTicket resource (`IRRPTAUTH`). Execute the following commands: 
     ```
-    TSS ADDTO(department) PTKTDATA(IRRPTAUT) 
+    TSS ADDTO(<department>) PTKTDATA(IRRPTAUTH) 
     ```
-
+- **`department`**  
+  Specifies the department for `PTKTDATA(IRRPTAUTH`. The default department is `TSODEPT1`.
+
 3. Define PassTicket for application ID _applid_:
 
     ```tss
@@ -352,9 +367,23 @@ Grant the Zowe started task user ID permission to generate PassTickets for users
 
 In your ESM command line interface or other security environment, execute the following commands:
 
+**RACF:**
 ```racf
-    RLIST APPL <applid> ALL
-    RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+ RLIST APPL <applid> ALL
+ RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+```
+**TSS:**
+```tss
+TSS WHOHAS APPL(<applid>)
+TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>)
+```
+
+**ACF2:**
+```acf2
+SET RESOURCE(SAF)
+LIST LIKE(<applid>-)
+SET RESOURCE(PTK)
+LIST LIKE(IRRPTAUTH-)
 ```
 
 * **`applid`**