Adding CHA1VIEW To The RDT For CA VIEW Shows Invalid ACCESS Levels In Top Secret

Article ID: 12879


Products

Top Secret, Top Secret - LDAP

Issue/Introduction

After adding the CA View CHA1VIEW resource class to the RDT in Top Secret, attempts to define the access levels do not take effect for the UPDATE access level in the ACLST. When listing an ACID with UPDATE access to a CHA1VIEW resource, the output shows a blank where UPDATE should appear. The following commands were tried for the RDT:

TSS ADD(RDT) RESCLASS(CHA1VIEW) RESCODE(037) MAXLEN(044) /*CHG0001739401

TSS REP(RDT) RESCLASS(CHA1VIEW) ATTR(DEFPROT) /*CHG0001739401

TSS REP(RDT) RESCLASS(CHA1VIEW) ACLST(ALL=FFFF,CONTROL=6400,UPDATE=6000,READ=4000,NONE=0000) DEFACC(READ)

TSS REP(RDT) RESCLASS(CHA1VIEW) ACLST(ALL=FFFF,CONTROL=C400,UPDATE=C000,READ=4000,NONE=0000) DEFACC(READ)


The results in a profile are the same for both cases:

ACCESSORID = IBI2FRT
TYPE = PROFILE
XA CHA1VIEW= VIEWJCL.FILT.
ACCESS =
XA CHA1VIEW= VIEWJCL.IDXN.
ACCESS = READ
XA CHA1VIEW= VIEWJCL.NOTE.
ACCESS =

TSSSIM
$cha1view('viewjcl.filt') acc(update)
TSS8385I FRACHECK R15 = 08 RC = 08 DRC = 88
TSS7251E Access Denied to CHA1VIEW <'VIEWJCL.FILT'>
TSS8381I SIMULATED RESOURCE ACCESS DENIED.

TSS8390I RESOURCE = (0037) 'VIEWJCL.FILT'
TSS8391I TSS SVC=00 RC=08 DRC=88 VDRC=00 XSW=00 ALG=00
TSS8392I REQUESTED ACCESS = UPDATE
TSS8393I OVERRIDES = <NONE>
TSSSIM

Per the CA View installation documentation, the RDT should have:

ACLST(ALL(FFFF),CONTROL(6400),UPDATE=(6000),READ=(0400),NONE(0000))

RESOURCE CLASS = CHA1VIEW
RESOURCE CODE = X'037'
ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT
ACCESS = ALL(FFFF),CONTROL(6400),UPDATE(6000),READ(4000)
ACCESS = NONE(0000)
DEFACC = READ

How should the RDT be coded?

Environment

Release: TOPSEC00200-15-Top Secret-Security
Component:

Resolution

The CA View documentation is correct. When making changes to the access levels for an RDT entry, all existing PERMITs for that resource class should be REVOKEd and re-PERMITed to pick up the new access level changes.
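
The REVOKE and re-PERMIT step can be scripted from a saved listing. The following Python sketch is an added example, not Broadcom's or CA View's code: it parses listing text in the layout shown above and emits a TSS REVOKE followed by a TSS PERMIT for each CHA1VIEW permit. It assumes resource names are reused exactly as listed and that the administrator supplies the intended level for any permit whose ACCESS is blank; the `INTENDED` mapping and the function names are hypothetical.

```python
import re

# Listing text in the layout shown in this article.
SAMPLE_LISTING = """\
ACCESSORID = IBI2FRT
TYPE = PROFILE
XA CHA1VIEW= VIEWJCL.FILT.
ACCESS =
XA CHA1VIEW= VIEWJCL.IDXN.
ACCESS = READ
XA CHA1VIEW= VIEWJCL.NOTE.
ACCESS =
"""

# Constructed for the example: levels the administrator intended for permits
# that now list a blank ACCESS. The per-resource mapping is an assumption.
INTENDED = {("IBI2FRT", "VIEWJCL.FILT."): "UPDATE",
            ("IBI2FRT", "VIEWJCL.NOTE."): "UPDATE"}

def parse_permits(listing, resclass):
    """Return (acid, resource, access) tuples; access is '' when listed blank."""
    acid, pending, permits = None, None, []
    for line in map(str.strip, listing.splitlines()):
        if m := re.match(r"ACCESSORID\s*=\s*(\S+)", line):
            acid, pending = m.group(1), None
        elif m := re.match(r"XA\s+(\w+)\s*=\s*(\S+)", line):
            # Track only permits in the class being rebuilt.
            pending = m.group(2) if m.group(1) == resclass else None
        elif (m := re.match(r"ACCESS\s*=\s*(\S*)", line)) and pending:
            permits.append((acid, pending, m.group(1)))
            pending = None
    return permits

def rebuild_commands(permits, resclass, intended):
    """REVOKE then re-PERMIT each permit; refuse to guess an unknown level."""
    cmds = []
    for acid, resource, access in permits:
        level = access or intended.get((acid, resource))
        if not level:
            raise ValueError(f"no intended access for {acid} {resclass}({resource})")
        cmds.append(f"TSS REVOKE({acid}) {resclass}({resource})")
        cmds.append(f"TSS PERMIT({acid}) {resclass}({resource}) ACCESS({level})")
    return cmds

if __name__ == "__main__":
    found = parse_permits(SAMPLE_LISTING, "CHA1VIEW")
    print("\n".join(rebuild_commands(found, "CHA1VIEW", INTENDED)))
```

Review the generated commands before running them, and rerun the TSSSIM check shown above afterwards to confirm that UPDATE is now granted.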