Same DB2 Batch Processing, the access results varies depending on the user.
search cancel

Same DB2 Batch Processing, the access results varies depending on the user.

book

Article ID: 202193

calendar_today

Updated On: 10-11-2023

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Accessing the same DB2TABLE resource with the same DB2 batch processing, the access results vary depending on the user. 

- PERMIT definition of DB2TABLE resource;
----------------------------------------------------------------------------
TSS WHOH DB2DBASE(ddddddd)
 DB2DBASE   = ddddddd                                       OWNER(dept )
  XAUTH     = ddddddd                                        ACID(aaaaa )
    ACCESS  = NONE                                                         
    FAC     = DSN1B                                                        
    ACTION  = FAIL                                       
- Comparison of TSSUTIL report results;
  DATE     TIME   SYSI ACCESSOR JOBNAME  FFM VC PROGRAM  R-ACCESS A-ACCESS SRC/DRC SEC RESOURCE (TYPE & NAME)       JOBID   TERMINA
 -------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
 20/08/31 17:52:41 ssss acid1    jjjjjjjj 3 F 01 DSNECP10 DROP     NONE     *08*-97 OPN ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:41 ssss acid1    jjjjjjjj 3 F 02 DSNECP10 CRETS    NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:42 ssss acid1    jjjjjjjj 3 F 03 DSNECP10 CRETAB   NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:43 ssss acid1    jjjjjjjj 3 F 04 DSNUTILB IMAGCOPY NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:44 ssss acid1    jjjjjjjj 3 F 05 DSNUTILB STATS    NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:44 ssss acid1    jjjjjjjj 3 F 06 DSNUTILB REORG    NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:46 ssss acid1    jjjjjjjj 3 F 07 DSNUTILB IMAGCOPY NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 20/08/31 17:52:48 ssss acid1    jjjjjjjj 3 F 17 DSNUTILB RECOVDB  NONE     *08*-97  78 ? ddddddd                    J030252 INTRDR 
 -------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
 20/09/01 13:38:13 ssss acid2    jjjjjjjj B W    IKJEFF04                     OK    VFX                              T030573 INTRDR
 20/09/01 13:38:13 ssss acid2    jjjjjjjj B W    HOSCNVT  PSCHK=NO SIGNON     OK    INI   NAME=name                              
 20/09/01 13:38:13 ssss acid2    jjjjjjjj B W    HOSCNVT                      OK    TRM                                            
 20/09/01 13:38:13 ssss acid2    jjjjjjjj B W    IEFIIC   PSCHK=NO SIGNON     OK    INI   NAME=name                  J030574 INTRDR
 20/09/01 13:38:13 ssss acid2    jjjjjjjj B W    IEFIIC                       OK    TRM                              J030574 INTRDR
 20/09/01 13:38:13 ssss acid2    jjjjjjjj B W    IEFIIC   PSCHK=NO SIGNON     OK    INI   NAME=name                  J030574 INTRDR
 20/09/01 13:38:27 ssss acid2    jjjjjjjj B W    IEFIIC                       OK    TRM                              J030574 INTRDR
 -------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------

 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Review the DSNZPARM settings. 'acid2' is defined as an INSTALL SYSADM/SYSADM2 id. That authid is not subject to any security authorization checking. 

That would explain why the ID had the TSSUTIL events for signon and signoff type events. 

Powered by Wolken Software