search cancel

PTKTDATA resource class - unable to permit UPDATE access

book

Article ID: 113125

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

When defining PTKTDATA to the TSS RDT last night as per the specification in the TSS manuals I was unable to PERMIT UPDATE access to a resource owned in this class, even though UPDATE was include in the ACLST parameter of the TSS ADD(RDT) command - TSS ADD(RDT) RESCLASS(PTKTDATA) ACLST(ALL,READ,UPDATE=6000) MAXLEN(37)ATTR(MASK) TSS0300I ADD FUNCTION SUCCESSFUL TSS ADDTO(SYS) PTKTDATA(IRRPTAUTH.FEKAPPL.UCDCPJ) TSS0300I ADD FUNCTION SUCCESSFUL TSS PER(UCDA) PTKTDATA(IRRPTAUTH.FEKAPPL.UCDCPJ) ACCESS(UPDATE) TSS0300I PERMIT FUNCTION SUCCESSFUL Even though all of the above commands were shown as "successful".. When listing out the target ID from the TSS PERMIT command, access to PTKTDATA(IRRPTAUTH.FEKAPPL.UCDCPJ) was showing as READ, not UPDATE. XA PTKTDATA= IRRPTAUTH.FEKAPPL.UCDCPJ OWNER(SYS ) ACCESS = READ Here is the listing of the class in the RDT - RESOURCE CLASS = PTKTDATA RESOURCE CODE = X'017' ATTRIBUTE = MASKABLE,MAXOWN(26),MAXPERMIT(037),ACCESS ACCESS = ALL(FFFF),READ(4000),UPDATE(6000) DEFACC = NONE Which also shows UPDATE is a valid access level.. Please could you explain why UPDATE was not accepted by TSS? 

Cause

The acces list was not in the right order.

Environment

z/OS

Resolution

"Access levels within the ACLST should be unique and in descending hexadecimal order so that permits with multiple access levels display the highest possible access level. For example, if the list specifies READ,UPDATE=6000; the UPDATE implies READ and a permit is issued for UPDATE access. The TSS LIST command will show that the permit includes READ access and will display READ instead of UPDATE. The access level is displayed correctly if the ACLST is specified as UPDATE=6000,READ."

See le link below for some more details about the CA Top secret access list used in the CA Top secret RDT definition:

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/issuing-commands-to-communicate-administrative-requirements/keywords/aclst-keywordcontrol-the-resource-access-level