A Top Secret permit command was issued for a dataset with ACCESS(UPDATE) ACTION(AUDIT,NOTIFY).

     TSS PERMIT(acid) DSNAME(data.set.name) ACCESS(UPDATE) ACTION(AUDIT,NOTIFY)

- Because of the ACTION(AUDIT), there many OK+A entries in the TSSUTIL report for READ accesses.

 DATE TIME SYSI ACCESSOR JOBNAME  FFM VC PROGRAM  R-ACCESS A-ACCESS  SRC/DRC  SEC   RESOURCE (TYPE & NAME)
 date    time  ssss  acid                     jjjjjjjj      xxy          pgm                  READ     UPDATE         OK+A     OPN   D volume data.set.name

- Because of the ACTION(NOTIFY), there many TSS7299I messages for READ accesses. 

TSS7299I J=jjjjjj A=aaaaaa TYPE=DATASET RES=data.set.name   

Is there a way to prevent the OK+A entries in TSSUTIL and the TSS7299I messages when the access is READ but still get the OK+A entries and TSS7299I when the access is UPDATE?

The reason is UPDATE access includes READ, so since the permit is used when either READ or UPDATE access is requested, the TSS7299I (and OK+A events) occur for both.

The following can be done so the TSS7299I and (OK+A events) will only occur when UPDATE access is attempted:

TSS REVOKE(acid)  DSNAME(data.set.name) 

and, in this order:

TSS PERMIT(acid)  DSNAME(data.set.name) ACCESS(READ)
TSS PERMIT(acid)  DSNAME(data.set.name) ACCESS(UPDATE) ACTION(AUDIT,NOTIFY) 

With this set up:
- If READ access is attempted, the first permit (for READ) will be used to allow the access. Since this permit does not have ACTION(AUDIT,NOTIFY), the TSS7299I (and also the OK+A events in the TSSUTIL report) should not occur.

- If UPDATE access is attempted, then the second permit (with ACTION(AUDIT,NOTIFY) ) should be used and the TSS7299I (and also the OK+A events in the TSSUTIL report) should occur.