Unauthorized access for a CA VIEW resource is allowed. The problem occurs for CA VIEW resources secured under the DATASET resource class.

There are two security checks for a DATASET security check. The VOLUME check occurs first. If the user has ACCESS(ALL) on the volume, no dataset checking occurs. This will grant the user access to all datasets on that volume.

ACCESS(CREATE) on the VOLUME should be given so dataset checking will occur.