CAS4TRCE *Bypass check* in ACF2

book

Article ID: 208124

calendar_today

Updated On:

Products

CA ACF2 CA ACF2 - MISC CA ACF2 - z/OS

Issue/Introduction

When running a CAS4TRCE to troubleshoot issues regarding PDS Member Level protection in ACF2, the following messages appear:

CAS4803D SEC: A:All  C:xxx      V:*None* D:*Bypass check*                      
CAS4804D SEC: C:xxx      E:CAPDSSEC P:ISRUDL   A:02 RC:08

What bypass check is being performed? Does this mean PDS Member Level protection is being bypassed? What do the return codes indicate? 

Resolution

There may be situations which call for bypassing member-level protection for a PDS that is normally protected. When a protected library is accessed, a data set validation call is performed with a data set name of CAPDSSEC.BYPASS.rsrctype for write access. The rsrctype value is from the GSO PDS record that describes the data set or data sets that are protected. If access is allowed to this data set resource, PDS member-level validation is bypassed.

A return code of 8 indicates that a bypass is not being performed.

CAS4803D SEC: A:All  C:xxx      V:*None* D:*Bypass check*                      
CAS4804D SEC: C:xxx      E:CAPDSSEC P:ISRUDL   A:02 RC:08

A return code of 0 indicates that an access rule was found for CAPDSSEC.BYPASS, and that PDS member-level security is being bypassed for the specified resource type (xxx). 

CAS4803D SEC: A:All  C:xxx      V:*None* D:*Bypass check*
CAS4804D SEC: C:xxx      E:CAPDSSEC P:ISRUDL   A:02 RC:00

 

Additional Information

For information on the CAPDSSEC access rule, please see the section in the ACF2 documentation: using ACFNRULE in Batch in Implement Member-Level Protection.