? About Granting ALL Access to One's Own TSO ID

book

Article ID: 109320

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction



Our AUTH control option is set to AUTH(OVERRIDE,ALLOVER). In our TSS ALL record we have the following permission:

DSN(%.) ACC(ALL)

We also have a profile which contains several permissions for TSO USER IDs with UPDATE access:

DSN(xxxxxx.) ACC(UPDATE)

However, USER xxxxxx fails when he tries to create a dataset with his own HLQ: xxxxxx. Is there a way for xxxxxx to have ALL access to his HLQ without granting DSN(%.) ACC(ALL) on his ID or on another profile that comes before the profile containing DSN(xxxxxx,.) ACC(UPDATE) ? 

Environment

Release:
Component: TSSMVS

Resolution

The options are: 

1) Remove the profile with DSN(xxxxxx.) ACC(UPDATE) from xxxxxx

2) TSS WHOOWNS DSN(xxxxxx.) 

If the full high level qualifier 'xxxxxx.' is owned, you can undercut this to the xxxxxx acid via: 

TSS ADD(xxxxxx) DSN(TSOTEST.) UNDERCUT NOPERMIT 

If xxxxxx owns DSN(xxxxxx.), it will automatically have all access to xxxxxx. datasets. 

If the ownership is shorter (ie DSN(xxx) ), you can't own the longer name 'xxxxxx.' and if you undercut the shorter ownership to xxxxxx, this acid will have ALL access to datasets that start with xxx, not just xxxxxx. 

3) If 1 and 2 aren't feasible, then DSN(%.) ACC(ALL) will need to be permitted to the xxxxxx ID or on another profile that comes before the profile containing DSN(xxxxxx,.) ACC(UPDATE)