We want to issue a TSS PERMIT for CA View reports with ACCESS(NONE) and MODE(WARN) so access could continue while I contact the users and have them request approval.
There is no way to code a rule in WARN mode, ie ACTION(WARN) is not valid on a TSS PERMIT command. (Only ACTION(FAIL) is valid.)
In FAIL mode, once the resource is defined to CA Top Secret or the DEFPROT attribute is set on the resource class, a user must be explicitly permitted to access to the resource.
For this situation, the following action is recommended:
Refer to the CA Top Secret Command Functions Guide and CA Top Secret User Guide for information regarding the TSS PERMIT command.
Release: TOPSEC00200-15-Top Secret-Security