Access Resources That Aren't Defined To Top Secret
Article ID: 188967
Updated On:
Products
Issue/Introduction
In a converted RACF to Top Secret member, there are some TSS commands that are to protect certain resources, Can a user access resources if they are not protected under Top Secret? After they are protected, can it cause a security problem?
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
Yes. When a resource is checked and the resource is not protected (owned) by Top Secret, Top Secret passes back a return code of 04 indicating the resource is not owned. It is then up to the calling application to allow or deny the access. In many cases, the application allows the access if a return code 04 is received. Once protected, the users that were getting access because the resource wasn't owned will fail and will need to be permitted to the resource to get access.
Feedback
