The following violation appears in SECTRACE messages running an Endevor job:

X TSS-F-0897*ACID123  TSTJOB01 B $LSRVDSN2000 G/0000001400,0020000000 L/A
X TSS-1 040000004000 00000000   T/0000000400        SYS2.ENDEVOR.TEST1.MCF 
X TSS-2 820600 R/128000 S/000182,020100000000   N2.IR    A/010080 P/C1BM3
X TSS-4 00000000 00AFC308 7F9AD9D0                                       

The User ACID123 is permitted to the resource with access CONTROL

                                                  
XA $LSRVDSN= SYS2.ENDEVOR.TEST1.MCF                          OWNER(ENDEVOR) 
   ACCESS  = CONTROL                                                                   

Release : 16.0

Component : Top Secret for z/OS

The record X TSS-1 040000004000  of the Sectrace means that the requested access is 0400 but the allowed access is 4000

The access code 0400 means CONTROL

The access code 4000 means READ.

So the access to the resource $LSRVDSN  SYS2.ENDEVOR.TEST1.MCF needs access CONTROL but the user only is allowed to READ.

However, the list of the user  ACID123 shows that is permitted to the resource with ACCESS=CONTROL.

XA $LSRVDSN= SYS2.ENDEVOR.TEST1.MCF                          OWNER(ENDEVOR) 
   ACCESS  = CONTROL

A list of the resource $LSRVDSN  from the RDT shows:

ACCESSORID = *RDT*     NAME       = RESOURCE DEFINITIONS           
   RESOURCE CLASS = $LSRVDSN                                        
   RESOURCE CODE = X'012'                                          
       ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT 
          ACCESS = CONTROL(4000),NONE(0000)                        
          DEFACC = NONE                                            
TSS0300I  LIST     FUNCTION SUCCESSFUL 

The access CONTROL should be 0400, not 4000

Replace the access level for CONTROL with the Hexadecimal value 0400 using the following command:

More information about the Resource Access Level codes can be found at the following link: