Same DB2 Batch Processing, the access results varies depending on the user.
Article ID: 202193
Updated On:
Products
Top Secret
Top Secret - LDAP
WEB ADMINISTRATOR FOR TOP SECRET
Issue/Introduction
Accessing the same DB2TABLE resource with same DB2 batch processing, the access results varies depending on the user.
- ACID definition of access use;
---------------------------------------------------------------------------
(Access result is OK)
ACCESSORID = SYSDB2 NAME = SYSDB2
TYPE = USER SIZE = 512 BYTES
FACILITY = BATCH
FACILITY = TSO
DEPT ACID = DEP DEPARTMENT = DEPT
DIV ACID = DIV DIVISION = DIVISION
CREATED = 00/10/05 00:00 LAST MOD = 20/08/31 10:14
PROFILES = TPROF
GROUPS = GUSER
ATTRIBUTES = TSOMPW
LAST USED = 20/09/02 11:50 CPU(TST1) FAC(TSO ) COUNT(10508
DFLTGRP = GRPUSER1
----------- SEGMENT OMVS
HOME = u/omvsusr1
OMVSPGM = /bin/sh
UID = 0000000007
PASSWORD = EXPIRES = 20/11/18 INTERVAL = 090
----------------------------------------------------------------------------
(Access result is NG)
ACCESSORID = SYSOPR NAME = SYSOPR
TYPE = USER SIZE = 512 BYTES
FACILITY = BATCH
FACILITY = STC
FACILITY = TSO
FACILITY = DDF
DEPT ACID = DUMMY$D DEPARTMENT = DUMMY DEPT
CREATED = 19/06/17 16:42 LAST MOD = 20/08/28 16:08
PROFILES = TPROF
GROUPS = GUSER
ATTRIBUTES = TSOMPW
LAST USED = 20/08/31 10:51 CPU(TST1) FAC(TSO ) COUNT(00017)
DFLTGRP = GUSER1
----------- SEGMENT OMVS
OMVSPGM = /bin/sh
UID = 0000000005
PASSWORD = EXPIRES = 20/11/26 INTERVAL = 090
----------------------------------------------------------------------------
- PERMIT definition of DB2TABLE resource;
----------------------------------------------------------------------------
TSS WHOH DB2DBASE(DSTST1D)
DB2DBASE = DSTST1D OWNER(KID )
XAUTH = DSTST1D ACID(KUSER )
ACCESS = NONE
FAC = DSN1B
ACTION = FAIL
- Comparison of TSSUTIL report results;
DATE TIME SYSI ACCESSOR JOBNAME FFM VC PROGRAM R-ACCESS A-ACCESS SRC/DRC SEC RESOURCE (TYPE & NAME) JOBID TERMINA
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
20/08/31 17:52:41 TST1 SYSOPR XSDB2B1 3 F 01 DSNECP10 DROP NONE *08*-97 OPN ? DSTST1D J030252 INTRDR
20/08/31 17:52:41 TST1 SYSOPR XSDB2B1 3 F 02 DSNECP10 CRETS NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:42 TST1 SYSOPR XSDB2B1 3 F 03 DSNECP10 CRETAB NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:43 TST1 SYSOPR XSDB2B1 3 F 04 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:44 TST1 SYSOPR XSDB2B1 3 F 05 DSNUTILB STATS NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:44 TST1 SYSOPR XSDB2B1 3 F 06 DSNUTILB REORG NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 07 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 08 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 09 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 10 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:46 TST1 SYSOPR XSDB2B1 3 F 11 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 12 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 13 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 14 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 15 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:47 TST1 SYSOPR XSDB2B1 3 F 16 DSNUTILB IMAGCOPY NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:48 TST1 SYSOPR XSDB2B1 3 F 17 DSNUTILB RECOVDB NONE *08*-97 78 ? DSTST1D J030252 INTRDR
20/08/31 17:52:48 TST1 SYSOPR XSDB2B1 3 F 18 DSNUTILB RECOVDB NONE *08*-97 78 ? DSTST1D J030252 INTRDR
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
20/09/01 13:38:13 TST1 SYSDB2 XSDB2B1 B W IKJEFF04 OK VFX T030573 INTRDR
20/09/01 13:38:13 TST1 SYSDB2 JES2 B W HOSCNVT PSCHK=NO SIGNON OK INI NAME=SYSDB2
20/09/01 13:38:13 TST1 SYSDB2 JES2 B W HOSCNVT OK TRM
20/09/01 13:38:13 TST1 SYSDB2 XSDB2B1 B W IEFIIC PSCHK=NO SIGNON OK INI NAME=SYSDB2 J030574 INTRDR
20/09/01 13:38:13 TST1 SYSDB2 INIT B W IEFIIC OK TRM J030574 INTRDR
20/09/01 13:38:13 TST1 SYSDB2 XSDB2B1 B W IEFIIC PSCHK=NO SIGNON OK INI NAME=SYSDB2 J030574 INTRDR
20/09/01 13:38:27 TST1 SYSDB2 XSDB2B1 B W IEFIIC OK TRM J030574 INTRDR
-------- -------- ---- -------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- ------- -------
Environment
Release : 16.0
Component : CA Top Secret for z/OS
Resolution
Review the DSNZPARM settings. SYSDB2 is defined as an INSTALL SYSADM/SYSADM2 id.
That authid is not subject to any security authorization checking.
That would explain why the ID had the TSSUTIL events for signon and signoff type events.
Feedback
Yes
No
Powered by
