z/OS 3.2  enhancement introduces VSAM OPEN SAF checking.

How do you determine which VSAM datasets are affected so they can be defined and authorized to users accordingly?

Set Top Secret Control Option "OPTIONS(95)" so LOGSTREAM data gets logged to the Top Secret Audit Tracking File (ATF) and/or an SMF dataset.  

Then, the TSSUTIL report can be run to report on the VSAM datasets being affected by the enhancement and being checked for access.