Use Of ACCESS(NONE) With AUTH(MERGE) In Top Secret
Article ID: 190549
Top SecretWEB ADMINISTRATOR FOR TOP SECRET
AUTH(MERGE,ALLOVER) is set. One profile gives access to a particular OTRAN, and it is desired to remove that transaction from just one particular user that profile is attached to. Will permitting the OTRAN with ACCESS(NONE) to that specific user to override the access through that profile work with AUTH(MERGE)? For example:
TSS PER(acid) OTRAN(xact) ACCESS(NONE)
What happens when Top Secret sees one permission with ACCESS(NONE) and another with ACCESS(EXEC)? Which one does it accept?
Release : 16.0
Component : CA Top Secret for z/OS
Yes, doing the TSS PER(acid) OTRAN(xact) ACCESS(NONE) will work with AUTH(MERGE) as long as the resource name (xact) on the permit with ACCESS(NONE) is the same length or longer than the permit with ACCESS(EXECUTE). When multiple matching permits are found with the same length resource, ACCESS(NONE) overrides the other access levels. Since AUTH(MERGE) is set, the permit for ACCESS(NONE) does not have to be on the same acid (user or profile) as the permit with ACCESS(EXECUTE).