When running a TSSUTIL report, the following violation shows:  

AUTOPSAV GEONVSA N F DSIATTMT NONE *08*-88 A NVS09 

...where '88' is 'ACCESS DENIED TO RESOURCE < >' 

However, the resource in the report is not defined to Top Secret. How can an ACID be denied access to a resource when it's not defined in Top Secret?

When a RACROUTE REQ=AUTH call with RCUSER coded and passing a userid 'AUTOPSAV', the call is coming from module DSISAFAM. Top Secret takes the userid being passed and if the ACID is not defined, it builds an ACEE but without any authority. In this case any protected resources will fail unless a permit exists in the ALL record for that resource.