In reviewing events for DB2SYS checks in WARN mode, when running TSSUTIL against extracted files to further extract the files with a list option and then IDCAMS dump the extracted file, the IDCAMS dump output ontains x'4000' even though the RDT entry for the DB2SYS resource class does not have access levels. Current records under fail mode have x'0000', (for example, a DB2PLAN EXEC access request). Is this of any significance?

Release : 16.0

Component : CA Top Secret for z/OS

The calls are coming from a CICS address space and will result in a default access of EXECUTE unless the RDT class has it's own access levels then they will be used.   This would be the case in WARN or FAIL mode but the access of execute for DB2SYS(SYSADM) will not have any bearing on how the security call is processed. For DB2SYS(SYSADM), the ACID either has access or it does not.