The one user got the CAY6321W message when verify to the PDSE allocation JCL by JCLCheck.
As for the user's authority level, The user has  access authority to the target dataset name and volume name.
However, the same user did not get CAY6321W when they verified to the PDS allocation JCL by JCLCheck.

Case of PDSE(Invalid CAY6321W case):

//TSTUSR1A JOB (xxxxxxxxx),'TSTUSR1',CLASS=A,MSGCLASS=X,               
//         NOTIFY=TSTUSR1,MSGLEVEL=(1,1),USER=TSTUSR1                  
//RECAT   EXEC PGM=IEFBR14                                             
//ALLOC    DD  DSN=TEST.DATA.PDSE,                                     
//          DISP=(,CATLG),UNIT=SYSDA,DATACLAS=#SMSDATA,                
//          SPACE=(TRK,(1,1,1),RLSE),DCB=(DSORG=PO,RECFM=U),           
//          DSNTYPE=(LIBRARY,2)                                        

1.     CAY6320I  USER  'TSTUSR1 /TSTUSR1' VIRTUAL SIGNON TO CAISSF COMPLETE SOURCE: CAZ1SSF+003B16    
4.     CAY6321W  POTENTIAL SECURITY VIOLATION DETECTED  'DATASET, ACCESS LEVEL=CREATE' ACID = 'TSTUSR1' SOURCE: CAZ1SSF+0017EC  

Release : 12.0

Please apply to the LU08527.

This problem corrected by Apar LT08527.(Created by 33295056 and 33295790).
If this apar publish, we will update the this KD.