Accessing the same DB2TABLE resource with same DB2 batch processing, the access results varies depending on the user.
- ACID definition of access use;
---------------------------------------------------------------------------
(Access result is OK)
ACCESSORID = SYSDB2 NAME = SYSDB2
TYPE = USER SIZE = 512 BYTES
FACILITY = BATCH
FACILITY = TSO
DEPT ACID = DEP DEPARTMENT = DEPT
DIV ACID = DIV DIVISION = DIVISION
CREATED = 00/10/05 00:00 LAST MOD = 20/08/31 10:14
PROFILES = TPROF
GROUPS = GUSER
ATTRIBUTES = TSOMPW
LAST USED = 20/09/02 11:50 CPU(TST1) FAC(TSO ) COUNT(10508
DFLTGRP = GRPUSER1
----------- SEGMENT OMVS
HOME = u/omvsusr1
OMVSPGM = /bin/sh
UID = 0000000007
PASSWORD = EXPIRES = 20/11/18 INTERVAL = 090
----------------------------------------------------------------------------
(Access result is NG)
ACCESSORID = SYSOPR NAME = SYSOPR
TYPE = USER SIZE = 512 BYTES
FACILITY = BATCH
FACILITY = STC
FACILITY = TSO
FACILITY = DDF
DEPT ACID = DUMMY$D DEPARTMENT = DUMMY DEPT
CREATED = 19/06/17 16:42 LAST MOD = 20/08/28 16:08
PROFILES = TPROF
GROUPS = GUSER
ATTRIBUTES = TSOMPW
LAST USED = 20/08/31 10:51 CPU(TST1) FAC(TSO ) COUNT(00017)
DFLTGRP = GUSER1
----------- SEGMENT OMVS
OMVSPGM = /bin/sh
UID = 0000000005
PASSWORD = EXPIRES = 20/11/26 INTERVAL = 090
----------------------------------------------------------------------------
- PERMIT definition of DB2TABLE resource;
----------------------------------------------------------------------------
TSS WHOH DB2DBASE(DSTST1D)
DB2DBASE = DSTST1D OWNER(KID )
XAUTH = DSTST1D ACID(KUSER )
ACCESS = NONE
FAC = DSN1B
ACTION = FAIL
- Comparison of TSSUTIL report results;
DATE TIME SYSI ACCESSOR JOBNAME FFM VC PROGRAM R-ACCESS A-ACCESS SRC/DRC SEC RESOURCE (TYPE & NAME) JOBID TERMINA
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
20/08/31 17:52:41 TST1 SYSOPR XSDB2B1 3 F 01 DSNECP10 DROP NONE *08*-97 OPN ? DSTST1D J030252 INTRDR
20/08/31 17:52:41 TST1 SYSOPR XSDB2B1 3 F 02 DSNECP10 CRETS NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:42 TST1 SYSOPR XSDB2B1 3 F 03 DSNECP10 CRETAB NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:43 TST1 SYSOPR XSDB2B1 3 F 04 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:44 TST1 SYSOPR XSDB2B1 3 F 05 DSNUTILB STATS NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:44 TST1 SYSOPR XSDB2B1 3 F 06 DSNUTILB REORG NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 07 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 08 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 09 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 10 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 11 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 12 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 13 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 14 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 15 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 16 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:48 TST1 SYSOPR XSDB2B1 3 F 17 DSNUTILB RECOVDB NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:48 TST1 SYSOPR XSDB2B1 3 F 18 DSNUTILB RECOVDB NONE *08*-97 78 ? DSTST1D J030252 INTRDR
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
20/09/01 13:38:13 TST1 SYSDB2 XSDB2B1 B W IKJEFF04 OK VFX T030573 INTRDR
20/09/01 13:38:13 TST1 SYSDB2 JES2 B W HOSCNVT PSCHK=NO SIGNON OK INI NAME=SYSDB2
20/09/01 13:38:13 TST1 SYSDB2 JES2 B W HOSCNVT OK TRM
20/09/01 13:38:13 TST1 SYSDB2 XSDB2B1 B W IEFIIC PSCHK=NO SIGNON OK INI NAME=SYSDB2 J030574 INTRDR
20/09/01 13:38:13 TST1 SYSDB2 INIT B W IEFIIC OK TRM J030574 INTRDR
20/09/01 13:38:13 TST1 SYSDB2 XSDB2B1 B W IEFIIC PSCHK=NO SIGNON OK INI NAME=SYSDB2 J030574 INTRDR
20/09/01 13:38:27 TST1 SYSDB2 XSDB2B1 B W IEFIIC OK TRM J030574 INTRDR
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
Release : 16.0
Component : CA Top Secret for z/OS
Review the DSNZPARM settings. SYSDB2 is defined as an INSTALL SYSADM/SYSADM2 id.
That authid is not subject to any security authorization checking.
That would explain why the ID had the TSSUTIL events for signon and signoff type events.