After defining resource class PTKTDATA to the Top Secret RDT, when UPDATE access is permitted to a resources in this class, Top Secret displays READ access. The command to define the PTKTDATA class was:

   TSS ADD(RDT) RESCLASS(PTKTDATA) ACLST(ALL,READ,UPDATE=6000) MAXLEN(37) ATTR(MASK)
   TSS0300I ADD FUNCTION SUCCESSFUL

The TSS ADD and TSS PERMIT commands issued were:

   TSS ADDTO(dept) PTKTDATA(IRRPTAUT)
   TSS0300I ADD FUNCTION SUCCESSFUL

   TSS PER(acid) PTKTDATA(IRRPTAUTH.FEKAPPL.xxxxxx) ACCESS(UPDATE)
   TSS0300I PERMIT FUNCTION SUCCESSFUL

Even though all of the above commands were shown as "successful", when listing the ACID in the TSS PERMIT command, access to PTKTDATA(IRRPTAUTH.FEKAPPL.xxxxxx) showed as READ, not UPDATE.

XA PTKTDATA= IRRPTAUTH.FEKAPPL.xxxxxx    OWNER(dept)
ACCESS = READ

   TSS LIST(RDT) RESCLASS(PTKTDATA) shows:
      RESOURCE CLASS = PTKTDATA
        RESOURCE CODE = X'017'
                    ATTRIBUTE = MASKABLE,MAXOWN(26),MAXPERMIT(037),ACCESS
                         ACCESS = ALL(FFFF),READ(4000),UPDATE(6000)
                         DEFACC = NONE

which shows UPDATE is a valid access level. Why wasn't UPDATE access displayed by Top Secret?

The access list was not in the right order.

Access levels within the ACLST should be unique and in descending hexadecimal order so that permits with multiple access levels display the highest possible access level. For example, if the list specifies READ,UPDATE=6000; the UPDATE implies READ. If a permit is issued with UPDATE access, the TSS LIST command will show that the permit includes READ access and will display READ instead of UPDATE. The access level is displayed correctly if the ACLST is specified as UPDATE=6000,READ.

To change the ACLST on the PTKTDATA resource class, issue:

   TSS REPLACE(RDT) RESCLASS(PTKTDATA) ACLST(ALL,UPDATE=6000,READ)

For more details about the access list used in the Top Secret RDT definition, click here.