TSSSIM Allowed Access to DSN but REAL Time Job Failed
Article ID: 131400
Top Secret - LDAP
TSSSIM was activated to check if a user had the correct access to a data set.
The following is the request and the reply from TSSSIM:

=== CMD ==> $DSN(SVSM.EKB.CICSAA.BADDAD ) ACCESS(UPDATE)
=== RACHECK ==> TSS8380I RESOURCE ACCESS ALLOWED
==> REG15 = 00 FDB-RC = 00 FDB-DRC = 00
==> REQUEST = 6000 ALLOWED = FFFF VOLUME = 0000
==> REASON = PERMITTED *USER* RULE # 2
==> VOL-FLG = 00-00-00-00 SUB-FLG = 80-00-09-00-01

When the job ran in real time it failed with the following:

DATE      TIME     SYSID ACCESSOR JOBNAME  FACILITY MODE VC PROGRAM  R-ACCESS A-ACCESS SRC/DRC SEC JOBID   TERMINAL
004/05/19 08:52:34 PRDA  SOPHIE09 TSYSDADS BATCH    FAIL 01 BADDAD   UPDATE   READ     *08*-66 CAT J005996 INTRDR
RESOURCE TYPE & NAME : DATASET SVSM.EKB.CICSAA.BADDAD
When listing the user to see what RULE#2 was it showed:
XA DATASET = SOPHIE09. OWNER(IZZEDEPT ) ACCESS = ALL

The above rule means that the acid SOPHIE09 has ALL access to any data sets that start with SOPHIE09.

The command that was issued to TSSSIM was:

=== CMD ==> $DSN(SVSM.EKB.CICSAA.BADDAD) ACCESS(UPDATE)

Because the $DSN value was not enclosed in single quotes, the data set name was prefixed with the user-id. Because the user-id high level qualifier has ALL access, TSSSIM determined that RULE#2 gave the requested permission of UPDATE access.

The command needed to be:

=== CMD ==> $DSN('SVSM.EKB.CICSAA.BADDAD') ACCESS(UPDATE)
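The quoting behavior described above can be checked before trusting a simulation result. The following is an added example, not code from the article or from Top Secret: it models only the user-id prefixing and the prefix rule shown on this page, and the function names are hypothetical.

```python
import re

# $DSN(...) operand of a TSSSIM command line, with or without single quotes.
DSN_OPERAND = re.compile(r"\$DSN\(\s*(?P<q>'?)(?P<name>[^')\s]+)'?\s*\)")


def effective_dsn(command: str, userid: str) -> str:
    """Return the data set name the simulation evaluates.

    Assumption taken from the article: an unquoted $DSN value is
    prefixed with the user-id; a quoted value is used as written.
    """
    m = DSN_OPERAND.search(command)
    if m is None:
        raise ValueError("no $DSN operand found in command")
    name = m.group("name").upper()
    if m.group("q"):
        return name
    return f"{userid.upper()}.{name}"


def prefix_rule_matches(rule_prefix: str, dsn: str) -> bool:
    """Simplified model of a prefix permit such as 'SOPHIE09.'."""
    return dsn.startswith(rule_prefix)


def check_simulation(command: str, userid: str, audited_dsn: str) -> dict:
    """Compare the simulated name with the name in the audit record."""
    simulated = effective_dsn(command, userid)
    return {
        "simulated": simulated,
        "audited": audited_dsn,
        "same_resource": simulated == audited_dsn,
    }


if __name__ == "__main__":
    # Values below are the ones shown in the article.
    audited = "SVSM.EKB.CICSAA.BADDAD"
    for cmd in (
        "$DSN(SVSM.EKB.CICSAA.BADDAD ) ACCESS(UPDATE)",
        "$DSN('SVSM.EKB.CICSAA.BADDAD') ACCESS(UPDATE)",
    ):
        result = check_simulation(cmd, "SOPHIE09", audited)
        result["rule2_applies"] = prefix_rule_matches("SOPHIE09.", result["simulated"])
        print(cmd, "->", result)
```

A simulation whose evaluated name differs from the RESOURCE TYPE & NAME in the audit record did not test the access that failed.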