After adding the CA View CHA1VIEW resource class to the RDT in Top Secret, when trying to add the access levels, nothing is working for the access level UPDATE in the ACLST. When listing an ACID with UPDATE access to a CHA1VIEW resource, the output shows the access as blank where UPDATE should be. The following commands were tried for the RDT:
TSS ADD(RDT) RESCLASS(CHA1VIEW) RESCODE(037) MAXLEN(044) /*CHG0001739401
TSS REP(RDT) RESCLASS(CHA1VIEW) ATTR(DEFPROT) /*CHG0001739401
TSS REP(RDT) RESCLASS(CHA1VIEW) ACLST(ALL=FFFF,CONTROL=6400,UPDATE=6000,READ=4000,NONE=0000) DEFACC(READ)
TSS REP(RDT) RESCLASS(CHA1VIEW) ACLST(ALL=FFFF,CONTROL=C400,UPDATE=C000,READ=4000,NONE=0000) DEFACC(READ)
The results in a profile are the same for both cases:
ACCESSORID = IBI2FRT
TYPE = PROFILE
XA CHA1VIEW= VIEWJCL.FILT.
ACCESS =
XA CHA1VIEW= VIEWJCL.IDXN.
ACCESS = READ
XA CHA1VIEW= VIEWJCL.NOTE.
ACCESS =
TSSSIM
$cha1view('viewjcl.filt') acc(update)
TSS8385I FRACHECK R15 = 08 RC = 08 DRC = 88
TSS7251E Access Denied to CHA1VIEW <'VIEWJCL.FILT'>
TSS8381I SIMULATED RESOURCE ACCESS DENIED.
TSS8390I RESOURCE = (0037) 'VIEWJCL.FILT'
TSS8391I TSS SVC=00 RC=08 DRC=88 VDRC=00 XSW=00 ALG=00
TSS8392I REQUESTED ACCESS = UPDATE
TSS8393I OVERRIDES = <NONE>
TSSSIM
Per the CA View documentation for installation, the RDT should have
ACLST(ALL(FFFF),CONTROL(6400),UPDATE=(6000),READ=(0400),NONE(0000))
RESOURCE CLASS = CHA1VIEW
RESOURCE CODE = X'037'
ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT
ACCESS = ALL(FFFF),CONTROL(6400),UPDATE(6000),READ(4000)
ACCESS = NONE(0000)
DEFACC = READ
How should the RDT be coded?
The CA View documentation is correct. When making changes to the access levels for an RDT entry, all existing PERMITs for that resource class should be REVOKEd and re-PERMITed to pick up the new access level changes.