TSSSIM Allowed Access to DSN but REAL Time Job Failed

book

Article ID: 131400

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

TSSSIM was activated to check if a user had the correct access to a data set.
The following is the request and the reply from TSSSIM:

=== CMD ==> $DSN(SVSM.EKB.CICSAA.BADDAD ) ACCESS(UPDATE) 
=== RACHECK ==> TSS8380I RESOURCE ACCESS ALLOWED 
==> REG15 = 00 FDB-RC = 00 FDB-DRC = 00 
==> REQUEST = 6000 ALLOWED = FFFF VOLUME = 0000 
==> REASON = PERMITTED *USER* RULE # 2 
==> VOL-FLG = 00-00-00-00 SUB-FLG = 80-00-09-00-01

When the job ran in real time it failed with the following:

DATE TIME SYSID ACCESSOR JOBNAME FACILITY MODE VC PROGRAM R-ACCESS A-ACCESS SRC/DRC SEC JOBID TERMINAL 
004/05/19 08:52:34 PRDA SOPHIE09 TSYSDADS BATCH FAIL 01 BADDAD UPDATE READ *08*-66 CAT J005996 INTRDR 
RESOURCE TYPE & NAME : DATASET SVSM.EKB.CICSAA.BADDAD

Environment

Release:
Component: TSSMVS

Resolution

When listing the user to see what RULE#2 was it showed:

XA DATASET = SOPHIE09. OWNER(IZZEDEPT ) ACCESS = ALL
 
The above rule means that the acid SOPHIE09 has ALL Access to any data sets that start with SOPHIE09.

The command that was issue to TSSSIM was:

=== CMD ==> $DSN(SVSM.EKB.CICSAA.BADDAD) ACCESS(UPDATE) 

Since the $DSN value was not in single quotes the data set name becomes prefixed with the user-id. Since the user-id high level qualifier has ALL access TSSSIM determined that RULE#2 gave the requested permission of UPDATE Access.

The command needed to be:

=== CMD ==> $DSN('SVSM.EKB.CICSAA.BADDAD') ACCESS(UPDATE)