With CA 1 option OCEOV set to YES, CA 1 should check for CLASS DATASET at OPEN. Is there an easy way to verify if these security calls from CA 1 are performed?
Release: Component: 1
Depending on the external security Product traces might be used to verify the security checks from CA 1. Another possibility is to run a Tape Job against a Data set for which the user does not have sufficient access. If the security check was performed from CA 1 because of OCEOV YES, this results in the violation messages from the external security product and CA 1 messages CAL0C0SF and IEFTMS50 9XX-nn.
For example User userxxx tried to create Tape Data Set DATA.SET.NOACCESS with Top Secret as external Security:
TSS7220E 102 J=JOBXXXX A=USERXXX VOL=S00016 ACC=UPDATE DSN=DATA.SET.NOACCESS TSS7227E UPDATE Access Not Granted to Dataset DATA.SET.NOACCESS CAL0C0SF 08 102 USERXXX /TESTFILE/xxxxxxx. TSS7227E UPDATE Access Not Granted to Dataset DATA.SET.NOACCESS IEFTMS50 9XX- 04 JOBXXXX,STEPXXX ,DDXXX ,0E57,S00016,00001,DATA.SET.NOACCESS IEFTMS50 ***** CA 1 ABEND,F1,04 ***** **