We are installing security for a Liberty application on zOS.   The IBM documentation calls for the use of the APPL class and that it must contain an access level.  Our Top Secret RDT definition for APPL does not specify access levels. 

Example from IBM Liberty installation documentation:

// Define APPL

RDEFINE APPL BBGZTST UACC(NONE)

// Activate the APPL class. 

//If not active, the domain is not restricted, which means anyone can authenticate to it.

SETROPTS CLASSACT(APPL)

//All users to be authenticated by the server must have READ access to the APPLID in the APPL class:

PERMIT BBGZTST CLASS(APPL) ACCESS(READ) ID(UserID)

 Commands converted to TSS: 

 Example from IBM Liberty installation documentation: 

1. RDEFINE APPL BBGZTST UACC(NONE) 

TSS ADD(owningacid) APPL(BBGZTST) 

2. SETROPTS CLASSACT(APPL) 

No equivalent in TSS and not needed. TSS dynamically refreshes the resource class table when changes are made to any resource class.

3. PERMIT BBGZTST CLASS(APPL) ACCESS(READ) ID(UserID) 

TSS PERMIT(UserID) APPL(BBGZTST)  ***Read is the default access level.