search cancel

Use Of ACCESS(NONE) With AUTH(MERGE) In Top Secret

book

Article ID: 190549

calendar_today

Updated On:

Products

Top Secret WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

AUTH(MERGE,ALLOVER) is set. One profile gives access to a particular OTRAN, and it is desired to remove that transaction from just one particular user that profile is attached to. Will permitting the OTRAN with ACCESS(NONE) to that specific user to override the access through that profile work with AUTH(MERGE)? For example:

TSS PER(acid) OTRAN(xact) ACCESS(NONE)

What happens when Top Secret sees one permission with ACCESS(NONE) and another with ACCESS(EXEC)?  Which one does it accept?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Yes, doing the TSS PER(acid) OTRAN(xact) ACCESS(NONE) will work with AUTH(MERGE) as long as the resource name (xact) on the permit with ACCESS(NONE) is the same length or longer than the permit with ACCESS(EXECUTE). When multiple matching permits are found with the same length resource, ACCESS(NONE) overrides the other access levels. Since AUTH(MERGE) is set, the permit for ACCESS(NONE) does not have to be on the same acid (user or profile) as the permit with ACCESS(EXECUTE).