PERMIT search alogrithm questions in CA Top Secret
Article ID: 106832
Updated On:
Products
Top Secret
Top Secret - LDAP
Issue/Introduction
PERMIT search alogrithm questions in CA Top Secret
1.
PROFA is before PROFB on a user.
PROFA gives read access to HLQ "CMNPPO".
PROFB gives update access to dataset "CMNPPO.TESTSHR".
Selection ends at PROFA, denying update access to DSN CMNPPO.TESTSHR.TEST, correct?
2.
PROFA has the following permits:
XA DATASET = CMNPPO
ACCESS = READ
XA DATASET = CMNPPO.TESTSHR
ACCESS = UPDATE
If a user tries to edit dataset "CMNPPO.TESTSHR", will they be allowed?
If a user tries to edit dataset "CMNPPO.TESTSHR1", will they be allowed?
3.
If I have the following 5 permissions:
DATASET(PD) ACCESS(READ)
DATASET(PDI) ACCESS(READ)
DATASET(PDP) ACCESS(READ)
DATASET(PDPP) ACCESS(READ)
DATASET(PDR) ACCESS(READ)
The first one (PD) is all that is needed, correct?
The last 4 are redundant/would all fall under the first?
1.
PROFA is before PROFB on a user.
PROFA gives read access to HLQ "CMNPPO".
PROFB gives update access to dataset "CMNPPO.TESTSHR".
Selection ends at PROFA, denying update access to DSN CMNPPO.TESTSHR.TEST, correct?
2.
PROFA has the following permits:
XA DATASET = CMNPPO
ACCESS = READ
XA DATASET = CMNPPO.TESTSHR
ACCESS = UPDATE
If a user tries to edit dataset "CMNPPO.TESTSHR", will they be allowed?
If a user tries to edit dataset "CMNPPO.TESTSHR1", will they be allowed?
3.
If I have the following 5 permissions:
DATASET(PD) ACCESS(READ)
DATASET(PDI) ACCESS(READ)
DATASET(PDP) ACCESS(READ)
DATASET(PDPP) ACCESS(READ)
DATASET(PDR) ACCESS(READ)
The first one (PD) is all that is needed, correct?
The last 4 are redundant/would all fall under the first?
Environment
Release:
Component: TSSMVS
Component: TSSMVS
Resolution
.1.
PROFA is before PROFB on a user.
PROFA gives read access to HLQ "CMNPPO".
PROFB gives update access to dataset "CMNPPO.TESTSHR".
Selection ends at PROFA, denying update access to DSN CMNPPO.TESTSHR.TEST, correct?
Answer:
You are correct.
Once TSS find a match, it stops searching the rest of the PROFILES. So if PROFA is before PROFB, if a PERMIT is found that matches, it will stop in PROFA and not bother searching PROFB even though there is a more specific PERMIT in PROFB.
2.
PROFA has the following permits:
XA DATASET = CMNPPO
ACCESS = READ
XA DATASET = CMNPPO.TESTSHR
ACCESS = UPDATE
If a user tries to edit dataset "CMNPPO.TESTSHR", will they be allowed?
If a user tries to edit dataset "CMNPPO.TESTSHR1", will they be allowed?
Answer:
Yes, UPDATE access will be give for both. CA Top Secret will choose the more specific PERMIT over a more generic PERMIT from within the same PROFILE.
3.
If I have the following 5 permissions:
DATASET(PD) ACCESS(READ)
DATASET(PDI) ACCESS(READ)
DATASET(PDP) ACCESS(READ)
DATASET(PDPP) ACCESS(READ)
DATASET(PDR) ACCESS(READ)
The first one (PD) is all that is needed, correct?
The last 4 are redundant/would all fall under the first?
Answer:
Yes you are correct.
PROFA is before PROFB on a user.
PROFA gives read access to HLQ "CMNPPO".
PROFB gives update access to dataset "CMNPPO.TESTSHR".
Selection ends at PROFA, denying update access to DSN CMNPPO.TESTSHR.TEST, correct?
Answer:
You are correct.
Once TSS find a match, it stops searching the rest of the PROFILES. So if PROFA is before PROFB, if a PERMIT is found that matches, it will stop in PROFA and not bother searching PROFB even though there is a more specific PERMIT in PROFB.
2.
PROFA has the following permits:
XA DATASET = CMNPPO
ACCESS = READ
XA DATASET = CMNPPO.TESTSHR
ACCESS = UPDATE
If a user tries to edit dataset "CMNPPO.TESTSHR", will they be allowed?
If a user tries to edit dataset "CMNPPO.TESTSHR1", will they be allowed?
Answer:
Yes, UPDATE access will be give for both. CA Top Secret will choose the more specific PERMIT over a more generic PERMIT from within the same PROFILE.
3.
If I have the following 5 permissions:
DATASET(PD) ACCESS(READ)
DATASET(PDI) ACCESS(READ)
DATASET(PDP) ACCESS(READ)
DATASET(PDPP) ACCESS(READ)
DATASET(PDR) ACCESS(READ)
The first one (PD) is all that is needed, correct?
The last 4 are redundant/would all fall under the first?
Answer:
Yes you are correct.
Feedback
Yes
No
Powered by
