Top Secret TSSUTIL VIOLATION Report in Error?

book

Article ID: 15542

calendar_today

Updated On:

Products

CA Top Secret CA Top Secret - LDAP

Issue/Introduction

When running a TSSUTIL report, the following violation shows:  

AUTOPSAV GEONVSA N F DSIATTMT NONE *08*-88 A NVS09 

...where '88' is 'ACCESS DENIED TO RESOURCE < >' 

However, the resource in the report is not defined to Top Secret. How can an ACID be denied access to a resource when it's not defined in Top Secret?

Environment

Z/OS

Resolution

When a RACROUTE REQ=AUTH call with RCUSER coded and passing a userid 'AUTOPSAV', the call is coming from module DSISAFAM. Top Secret takes the userid being passed and if the ACID is not defined, it builds an ACEE but without any authority. In this case any protected resources will fail unless a permit exists in the ALL record for that resource.