Same DB2 Batch Processing, the access results varies depending on the user.
Article ID: 202193
Updated On:
Products
Top Secret
Top Secret - LDAP
WEB ADMINISTRATOR FOR TOP SECRET
Issue/Introduction
Accessing the same DB2TABLE resource with the same DB2 batch processing, the access results vary depending on the user.
- PERMIT definition of DB2TABLE resource;
----------------------------------------------------------------------------
TSS WHOH DB2DBASE(ddddddd)
DB2DBASE = ddddddd OWNER(dept )
XAUTH = ddddddd ACID(aaaaa )
ACCESS = NONE
FAC = DSN1B
ACTION = FAIL
- Comparison of TSSUTIL report results;
DATE TIME SYSI ACCESSOR JOBNAME FFM VC PROGRAM R-ACCESS A-ACCESS SRC/DRC SEC RESOURCE (TYPE & NAME) JOBID TERMINA
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
20/08/31 17:52:41 ssss acid1 jjjjjjjj 3 F 01 DSNECP10 DROP NONE *08*-97 OPN ? ddddddd J030252 INTRDR
20/08/31 17:52:41 ssss acid1 jjjjjjjj 3 F 02 DSNECP10 CRETS NONE *08*-97 78 ? ddddddd J030252 INTRDR
20/08/31 17:52:42 ssss acid1 jjjjjjjj 3 F 03 DSNECP10 CRETAB NONE *08*-97 78 ? ddddddd J030252 INTRDR
20/08/31 17:52:43 ssss acid1 jjjjjjjj 3 F 04 DSNUTILB IMAGCOPY NONE *08*-97 78 ? ddddddd J030252 INTRDR
20/08/31 17:52:44 ssss acid1 jjjjjjjj 3 F 05 DSNUTILB STATS NONE *08*-97 78 ? ddddddd J030252 INTRDR
20/08/31 17:52:44 ssss acid1 jjjjjjjj 3 F 06 DSNUTILB REORG NONE *08*-97 78 ? ddddddd J030252 INTRDR
20/08/31 17:52:46 ssss acid1 jjjjjjjj 3 F 07 DSNUTILB IMAGCOPY NONE *08*-97 78 ? ddddddd J030252 INTRDR
20/08/31 17:52:48 ssss acid1 jjjjjjjj 3 F 17 DSNUTILB RECOVDB NONE *08*-97 78 ? ddddddd J030252 INTRDR
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
20/09/01 13:38:13 ssss acid2 jjjjjjjj B W IKJEFF04 OK VFX T030573 INTRDR
20/09/01 13:38:13 ssss acid2 jjjjjjjj B W HOSCNVT PSCHK=NO SIGNON OK INI NAME=name
20/09/01 13:38:13 ssss acid2 jjjjjjjj B W HOSCNVT OK TRM
20/09/01 13:38:13 ssss acid2 jjjjjjjj B W IEFIIC PSCHK=NO SIGNON OK INI NAME=name J030574 INTRDR
20/09/01 13:38:13 ssss acid2 jjjjjjjj B W IEFIIC OK TRM J030574 INTRDR
20/09/01 13:38:13 ssss acid2 jjjjjjjj B W IEFIIC PSCHK=NO SIGNON OK INI NAME=name J030574 INTRDR
20/09/01 13:38:27 ssss acid2 jjjjjjjj B W IEFIIC OK TRM J030574 INTRDR
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
Review the DSNZPARM settings. 'acid2' is defined as an INSTALL SYSADM/SYSADM2 id. That authid is not subject to any security authorization checking.
That would explain why the ID had the TSSUTIL events for signon and signoff type events.
Feedback
Yes
No
Powered by
