The following violation appears in SECTRACE messages running an Endevor job:
X TSS-F-0897*ACID123 TSTJOB01 B $LSRVDSN2000 G/0000001400,0020000000 L/A
X TSS-1 040000004000 00000000 T/0000000400 SYS2.ENDEVOR.TEST1.MCF
X TSS-2 820600 R/128000 S/000182,020100000000 N2.IR A/010080 P/C1BM3
X TSS-4 00000000 00AFC308 7F9AD9D0
The User ACID123 is permitted to the resource with access CONTROL
XA $LSRVDSN= SYS2.ENDEVOR.TEST1.MCF OWNER(ENDEVOR)
ACCESS = CONTROL
Release : 16.0
Component : Top Secret for z/OS
The record X TSS-1 040000004000 of the Sectrace means that the requested access is 0400 but the allowed access is 4000
The access code 0400 means CONTROL
The access code 4000 means READ.
So the access to the resource $LSRVDSN SYS2.ENDEVOR.TEST1.MCF needs access CONTROL but the user only is allowed to READ.
However, the list of the user ACID123 shows that is permitted to the resource with ACCESS=CONTROL.
XA $LSRVDSN= SYS2.ENDEVOR.TEST1.MCF OWNER(ENDEVOR)
ACCESS = CONTROL
A list of the resource $LSRVDSN from the RDT shows:
ACCESSORID = *RDT* NAME = RESOURCE DEFINITIONS
RESOURCE CLASS = $LSRVDSN
RESOURCE CODE = X'012'
ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(044),ACCESS,DEFPROT
ACCESS = CONTROL(4000),NONE(0000)
DEFACC = NONE
TSS0300I LIST FUNCTION SUCCESSFUL
The access CONTROL should be 0400, not 4000
Replace the access level for CONTROL with the Hexadecimal value 0400 using the following command:
More information about the Resource Access Level codes can be found at the following link: