zowe · taban03 · Nov 6, 2024 · Nov 7, 2024 · Nov 7, 2024 · Nov 7, 2024
diff --git a/docs/user-guide/api-mediation/configuration-extender-passtickets.md b/docs/user-guide/api-mediation/configuration-extender-passtickets.md
@@ -29,7 +29,7 @@ Since the Zowe 2.17 release, it is no longer necessary to disable replay protect
 This section applies to users who do not already have PassTickets enabled in the system, or users who need to define a PassTicket for a new APPLID. If you already have an APPLID that you intend to use to define your API service, skip to the section [Configuring security to allow the Zowe API Gateway to generate PassTickets for an API service](#configuring-security-to-allow-zowe-api-gateway-to-generate-passtickets-for-an-api-service).
 
 :::tip
-To validate if a PassTicket is already defined, list the APPL and PKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the zoweuser can be determined.
+To validate if a PassTicket is already defined, list the APPL and PTKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the zoweuser can be determined.
 
 - **Validating an existing PassTicket for ACF2**
 
@@ -74,6 +74,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         TSS WHOHAS PTKTDATA(<applid>)
         TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>.)
     ```
+    If APPL and PTKTDATA are not defined yet, follow the instruction to create them as described in the [Enabling PassTickets with Top Secret](#enabling-passtickets-with-top-secret) section.
 
     - **`.`**  
         A wildcard symbol that lists all resources
@@ -98,7 +99,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
     ```
 
-    Ensure that you validate PKTDATA access for APPL.
+    Ensure that you validate PTKTDATA access for APPL.
 
     - **`*`**  
         A wildcard symbol that resturns all resources
@@ -164,7 +165,7 @@ You configured Zowe to use PassTickets for single sign on using ACF2.
 <summary> Click here for command details about configuring Zowe to use PassTickets using Top Secret.</summary>
 
 
-Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUT`) have not already been defined as described in the previous tip.
+Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUTH`) have not already been defined as described in the previous tip.
 
 1. Update the resource descriptor table (RDT) to define the `PTKTDATA` class by entering the following commands:
 
@@ -181,11 +182,13 @@ Before you begin this procedure, verify that the `PTKTDATA` class and ownership
     Include `RESCODE(n)` in the range of 101 to 13F to make `PTKTDATA` a prefixed resource class.
     :::
 
-2.	Assign ownership for the PassTicket resource (`IRRPTAUT`). Execute the following commands: 
+2.	Assign ownership for the PassTicket resource (`IRRPTAUTH`). Execute the following commands: 
     ```
-    TSS ADDTO(department) PTKTDATA(IRRPTAUT) 
+    TSS ADDTO(<department>) PTKTDATA(IRRPTAUTH) 
     ```
-
+- **`department`**  
+  Specifies the department for Zowe. The default department is `TSODEPT1`.
+
 3. Define PassTicket for application ID _applid_:
 
     ```tss
@@ -352,9 +355,23 @@ Grant the Zowe started task user ID permission to generate PassTickets for users
 
 In your ESM command line interface or other security environment, execute the following commands:
 
+**RACF:**
 ```racf
-    RLIST APPL <applid> ALL
-    RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+ RLIST APPL <applid> ALL
+ RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+```
+**TSS:**
+```tss
+TSS WHOHAS APPL(<applid>)
+TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>)
+```
+
+**ACF2:**
+```acf2
+SET RESOURCE(SAF)
+LIST LIKE(<applid>-)
+SET RESOURCE(PTK)
+LIST LIKE(IRRPTAUTH-)
 ```
 
 * **`applid`**  

diff --git a/docs/user-guide/configure-zos-system.md b/docs/user-guide/configure-zos-system.md
@@ -353,31 +353,82 @@ If you have run `ZWESECUR`, you do not need to perform the steps described in th
 If you have not run `ZWESECUR` and are manually creating the user ID and groups in your z/OS environment, the commands are described below for reference.  
 
 - To create the `ZWEADMIN` group, issue the following command:
-  ```
-  ADDGROUP ZWEADMIN OMVS(AUTOGID) -
-  DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
-  ```
 
+  **RACF:**
+     ```
+     ADDGROUP ZWEADMIN OMVS(AUTOGID) -
+     DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
+     ```
+  **TSS:**
+     ```
+     TSS CREATE(<ZWEADMIN>) TYPE(GROUP) +
+       NAME('ZOWE ADMINISTRATORS') +
+       DEPT(<ADMIN_DEPARTMENT>)
+     TSS ADD(<ZWEADMIN>) GID(<ADMIN_GROUP_ID>)
+     ```
+  **ACF2:**
+     ```
+     SET PROFILE(GROUP) DIV(OMVS)
+     INSERT <ZWEADMIN> AUTOGID
+     F ACF2,REBUILD(GRP),CLASS(P)
+     ```
 - To create the `ZWESVUSR` user ID for the main Zowe started task, issue the following command:
-  ```
-    ADDUSER  ZWESVUSR -
-    NOPASSWORD -
-    DFLTGRP(ZWEADMIN) -
-    OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
-    NAME('ZOWE SERVER') -
-    DATA('ZOWE MAIN SERVER')
-  ```
+
+  **RACF:**  
+     ```
+   ADDUSER  <ZWESVUSR> -
+   NOPASSWORD -
+   DFLTGRP(<ZWEADMIN>) -
+   OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
+   NAME('ZOWE SERVER') -
+   DATA('ZOWE MAIN SERVER')
+   ```
+  **TSS:**
+   ```
+   TSS CREATE(<ZWESVUSR>) TYPE(USER) PROTECTED +
+   NAME('ZOWE MAIN SERVER') +
+   DEPT(<STC_USER_DEPARTMENT>)
+   TSS ADD(<ZWESVUSR>) GROUP(<ZWEADMIN>) +
+   DFLTGRP(<ZWEADMIN>) +
+   HOME(/tmp) OMVSPGM(/bin/sh) UID(<ZOWE_USER_UID>)
+   ```
+  **ACF2:**
+   ```
+   SET LID
+   INSERT <ZWESVUSR> STC GROUP(<ZWEADMIN>)
+   SET PROFILE(USER) DIV(OMVS)
+   INSERT <ZWESVUSR> AUTOUID HOME(/tmp) OMVSPGM(/bin/sh)
+   F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS)
+   ```
 
 - To create the `ZWESIUSR` group for the Zowe cross memory server started task, issue the following command:
-  ```
-    ADDUSER ZWESIUSR -
-    NOPASSWORD -
-    DFLTGRP(ZWEADMIN) -
-    OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
-    NAME('ZOWE XMEM SERVER') -
-    DATA('ZOWE XMEM CROSS MEMORY SERVER')
-  ```
 
+  **RACF:**  
+   ```
+   ADDUSER <ZWESIUSR> -
+   NOPASSWORD -
+   DFLTGRP(<ZWEADMIN>) -
+   OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
+   NAME('ZOWE XMEM SERVER') -
+   DATA('ZOWE XMEM CROSS MEMORY SERVER')
+   ```
+  **TSS:**
+   ```
+   TSS CREATE(<ZWESIUSR>) TYPE(USER) PROTECTED +
+    NAME('ZOWE ZIS CROSS MEMORY SERVER') +
+    DEPT(<STC_USER_DEPARTMENT>)
+   TSS ADD(<ZWESIUSR>) GROUP(<ZWEADMIN>) +
+    DFLTGRP(<ZWEADMIN>) +
+    HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.)
+   ```
+  **ACF2:**
+   ```
+   SET LID
+   INSERT <ZWESIUSR> STC GROUP(<ZWEADMIN>)
+   SET PROFILE(USER) DIV(OMVS)
+   INSERT <ZWESIUSR> AUTOUID HOME(/tmp) OMVSPGM(/bin/sh)
+   F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS)
+   ```   
 
 ### Configure ZWESLSTC to run Zowe high availability instances under ZWESVUSR user ID
 

diff --git a/.../version-v2.18.x/user-guide/api-mediation/configuration-extender-passtickets.md b/.../version-v2.18.x/user-guide/api-mediation/configuration-extender-passtickets.md
@@ -29,7 +29,7 @@ Since the Zowe 2.17 release, it is no longer necessary to disable replay protect
 This section applies to users who do not already have PassTickets enabled in the system, or users who need to define a PassTicket for a new APPLID. If you already have an APPLID that you intend to use to define your API service, skip to the section [Configuring security to allow the Zowe API Gateway to generate PassTickets for an API service](#configuring-security-to-allow-zowe-api-gateway-to-generate-passtickets-for-an-api-service).
 
 :::tip
-To validate if a PassTicket is already defined, list the APPL and PKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the zoweuser can be determined.
+To validate if a PassTicket is already defined, list the APPL and PTKTDATA with a command corresponding to your ESM. Output indicates if a PassTicket is already defined. No results after issuing an ESM command indicates that a PassTicket is not defined. If a PassTicket is defined, the access of the zoweuser can be determined.
 
 - **Validating an existing PassTicket for ACF2**
 
@@ -74,6 +74,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         TSS WHOHAS PTKTDATA(<applid>)
         TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>.)
     ```
+    If APPL and PTKTDATA are not defined yet, follow the instruction to create them as described in the [Enabling PassTickets with Top Secret](#enabling-passtickets-with-top-secret) section.
 
     - **`.`**  
         A wildcard symbol that lists all resources
@@ -98,7 +99,7 @@ To validate if a PassTicket is already defined, list the APPL and PKTDATA with a
         RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
     ```
 
-    Ensure that you validate PKTDATA access for APPL.
+    Ensure that you validate PTKTDATA access for APPL.
 
     - **`*`**  
         A wildcard symbol that resturns all resources
@@ -164,7 +165,7 @@ You configured Zowe to use PassTickets for single sign on using ACF2.
 <summary> Click here for command details about configuring Zowe to use PassTickets using Top Secret.</summary>
 
 
-Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUT`) have not already been defined as described in the previous tip.
+Before you begin this procedure, verify that the `PTKTDATA` class and ownership for the PassTicket resource (`IRRPTAUTH`) have not already been defined as described in the previous tip.
 
 1. Update the resource descriptor table (RDT) to define the `PTKTDATA` class by entering the following commands:
 
@@ -181,11 +182,13 @@ Before you begin this procedure, verify that the `PTKTDATA` class and ownership
     Include `RESCODE(n)` in the range of 101 to 13F to make `PTKTDATA` a prefixed resource class.
     :::
 
-2.	Assign ownership for the PassTicket resource (`IRRPTAUT`). Execute the following commands: 
+2.	Assign ownership for the PassTicket resource (`IRRPTAUTH`). Execute the following commands: 
     ```
-    TSS ADDTO(department) PTKTDATA(IRRPTAUT) 
+    TSS ADDTO(<department>) PTKTDATA(IRRPTAUTH) 
     ```
-
+- **`department`**  
+  Specifies the department for Zowe. The default department is `TSODEPT1`.
+
 3. Define PassTicket for application ID _applid_:
 
     ```tss
@@ -352,9 +355,23 @@ Grant the Zowe started task user ID permission to generate PassTickets for users
 
 In your ESM command line interface or other security environment, execute the following commands:
 
+**RACF:**
 ```racf
-    RLIST APPL <applid> ALL
-    RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+ RLIST APPL <applid> ALL
+ RLIST PTKTDATA IRRPTAUTH.<applid>.* ALL
+```
+**TSS:**
+```tss
+TSS WHOHAS APPL(<applid>)
+TSS WHOHAS PTKTDATA(IRRPTAUTH.<applid>)
+```
+
+**ACF2:**
+```acf2
+SET RESOURCE(SAF)
+LIST LIKE(<applid>-)
+SET RESOURCE(PTK)
+LIST LIKE(IRRPTAUTH-)
 ```
 
 * **`applid`**  

diff --git a/versioned_docs/version-v2.18.x/user-guide/configure-zos-system.md b/versioned_docs/version-v2.18.x/user-guide/configure-zos-system.md
@@ -353,31 +353,81 @@ If you have run `ZWESECUR`, you do not need to perform the steps described in th
 If you have not run `ZWESECUR` and are manually creating the user ID and groups in your z/OS environment, the commands are described below for reference.  
 
 - To create the `ZWEADMIN` group, issue the following command:
-  ```
-  ADDGROUP ZWEADMIN OMVS(AUTOGID) -
-  DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
-  ```
+
+  **RACF:**
+     ```
+     ADDGROUP ZWEADMIN OMVS(AUTOGID) -
+     DATA('STARTED TASK GROUP WITH OMVS SEGEMENT')
+     ```
+  **TSS:**
+     ```
+     TSS CREATE(<ZWEADMIN>) TYPE(GROUP) +
+       NAME('ZOWE ADMINISTRATORS') +
+       DEPT(<ADMIN_DEPARTMENT>)
+     TSS ADD(<ZWEADMIN>) GID(<ADMIN_GROUP_ID>)
+     ```
+  **ACF2:**
+     ```
+     SET PROFILE(GROUP) DIV(OMVS)
+     INSERT <ZWEADMIN> AUTOGID
+     F ACF2,REBUILD(GRP),CLASS(P)
 
 - To create the `ZWESVUSR` user ID for the main Zowe started task, issue the following command:
-  ```
-    ADDUSER  ZWESVUSR -
-    NOPASSWORD -
-    DFLTGRP(ZWEADMIN) -
-    OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
-    NAME('ZOWE SERVER') -
-    DATA('ZOWE MAIN SERVER')
-  ```
 
-- To create the `ZWESIUSR` group for the Zowe cross memory server started task, issue the following command:
-  ```
-    ADDUSER ZWESIUSR -
-    NOPASSWORD -
-    DFLTGRP(ZWEADMIN) -
-    OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
-    NAME('ZOWE XMEM SERVER') -
-    DATA('ZOWE XMEM CROSS MEMORY SERVER')
-  ```
+  **RACF:**
+     ```
+   ADDUSER  <ZWESVUSR> -
+   NOPASSWORD -
+   DFLTGRP(<ZWEADMIN>) -
+   OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
+   NAME('ZOWE SERVER') -
+   DATA('ZOWE MAIN SERVER')
+   ```
+  **TSS:**
+   ```
+   TSS CREATE(<ZWESVUSR>) TYPE(USER) PROTECTED +
+   NAME('ZOWE MAIN SERVER') +
+   DEPT(<STC_USER_DEPARTMENT>)
+   TSS ADD(<ZWESVUSR>) GROUP(<ZWEADMIN>) +
+   DFLTGRP(<ZWEADMIN>) +
+   HOME(/tmp) OMVSPGM(/bin/sh) UID(<ZOWE_USER_UID>)
+   ```
+  **ACF2:**
+   ```
+   SET LID
+   INSERT <ZWESVUSR> STC GROUP(<ZWEADMIN>)
+   SET PROFILE(USER) DIV(OMVS)
+   INSERT <ZWESVUSR> AUTOUID HOME(/tmp) OMVSPGM(/bin/sh)
+   F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS)
+   ```
 
+- To create the `ZWESIUSR` group for the Zowe cross memory server started task, issue the following command:
+  **RACF:**
+   ```
+   ADDUSER <ZWESIUSR> -
+   NOPASSWORD -
+   DFLTGRP(<ZWEADMIN>) -
+   OMVS(HOME(/tmp) PROGRAM(/bin/sh) AUTOUID) -
+   NAME('ZOWE XMEM SERVER') -
+   DATA('ZOWE XMEM CROSS MEMORY SERVER')
+   ```
+  **TSS:**
+   ```
+   TSS CREATE(<ZWESIUSR>) TYPE(USER) PROTECTED +
+    NAME('ZOWE ZIS CROSS MEMORY SERVER') +
+    DEPT(<STC_USER_DEPARTMENT>)
+   TSS ADD(<ZWESIUSR>) GROUP(<ZWEADMIN>) +
+    DFLTGRP(<ZWEADMIN>) +
+    HOME(/tmp) OMVSPGM(/bin/sh) UID(&ZISUID.)
+   ```
+  **ACF2:**
+   ```
+   SET LID
+   INSERT <ZWESIUSR> STC GROUP(<ZWEADMIN>)
+   SET PROFILE(USER) DIV(OMVS)
+   INSERT <ZWESIUSR> AUTOUID HOME(/tmp) OMVSPGM(/bin/sh)
+   F ACF2,REBUILD(USR),CLASS(P),DIVISION(OMVS)
+   ```
 
 ### Configure ZWESLSTC to run Zowe high availability instances under ZWESVUSR user ID