Is there any type of trace in Top Secret that shows how a resource gets validated at 'runtime'?

There is a Top Secret Security Trace (done either at the User Level, Facility, or Globally depending on the circumstances) that can be run, to see what Security 'calls' are being made, the Return Codes passed back, as well as a lot of other information, including, but not limited to:

• The Requested Access Level.
• The Allowed Access Level.
• The Resource Class being checked.
• The Resource Name being checked.
• Where the Rule that ALLOWED/DENIED Access resides (i.e. User ACID, Profile Number, or the ALL Record).
• The Rule Number within the ACID above.

To run the Trace at a User Level:

1.)  TSS ADD(acid) TRACE

where 'acid' is the User ACID to be traced.

2.)  TSS REFRESH(acid) JOBNAME(*)

3.)  TSS MODIFY SECTRACE(ACT,WTL)

4.)  Recreate the problem

To reset it:

1.)  TSS MODIFY SECTRACE(OFF)

2.)  TSS REM(acid) TRACE

The output will go to the SYSLOG and all Trace Records will start with 'TSS-'.

If the User ACID isn't known, but the Facility is known, run a Facility Trace. To run the trace at a Facility Level:

1.)  TSS MODIFY FACILITY(fac=TRACE)

where 'fac' is the Facility to be traced, for example, CICSPROD, ROSCOE, etc.

2.)   TSS MODIFY SECTRACE(ACT,WTL)

3.)  Recreate the problem

To reset it:

1.)   TSS MODIFY SECTRACE(OFF)

2.)  TSS MODIFY FACILITY(fac=NOTRACE)

The output will go to the SYSLOG and all Trace records will start with 'TSS-'. The Facility Trace will trace all Security 'calls' within the specified Facility. If possible, the Facility Trace should be run when there is minimal, or no other activity, in that Facility, since this can negatively impact performance.

The Global Trace will trace everything on the System, and should only be run at the direction of Support, because it can severely impact system performance!

If the commands for the Global trace are needed, please contact Top Secret Technical Support.