ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Override NODSNCHK In Top Secret

book

Article ID: 199302

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Some ACIDs have NODSNCHK in order to do their jobs. An audit is mandating that these ACIDs do not have access to production datasets which primarily begin with PAxx – PZxx and tape dsn’s PAxxT – PZxxT.  Is there a way to override the NODSNCHK to these production dataset to satisfy the audit requirement?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

There is no way to exclude the production datasets from NODSNCHK. The following can be done:

1. TSS WHOO DSN(**) to make sure this is owned. (If not already owned, this can be owned via TSS ADD(msca) DSN(**) ). 
2. TSS PER(acid) DSN(**) ACCESS(ALL) ACTION(AUDIT) for the ACIDs that have NODSNCHK.
3. For each production dataset prefix: TSS PER(acid) DSN(PAxx) ACCESS(NONE)
4. TSS REM(acid) NODSNCHK for the ACIDs that have NODSNCHK.

If there is a profile common to the ACIDs with NODSNCHK, the permits in steps 2 and 3 can be done to that profile.

If AUTH(OVERRIDE,ALLOVER) is set, make sure there aren’t any dataset permits on any of the user records or attached profiles that are ahead of this profile that could limit the dataset access. 

If AUTH(MERGE,ALLMERGE) is set, make sure there aren’t any other dataset permits in profiles, the ALL record, and the user record. When multiple matching permits are found, the longest one is used. If it is longer than DSN(**) and is not for ALL access, the user's access will be limited.