Tried to run a TSSUTIL for event INIT and event VIOL. The ACID no longer exist in TSS. Receive message TSS8007E ACCESSOR ID UNKNOWN.

Know that violation occurred for this ID. How to run a report to find the violation for this ACID.

Product: Top Secret

To report on a violation for an ACID that has been deleted from the security file, you cannot use the ACID(acidname) parameter in TSSUTIL. This utility verifies the existence of the ACID before processing; if the ACID is unknown, it returns the TSS8007E ACCESSOR ID UNKNOWN error.

To find the violation records for a deleted ACID, run the TSSUTIL report using the JOBNAME or DRC parameters instead of the ACID parameter. Since the security file no longer contains the ACID, TSSUTIL can still extract records from the SMF data or the Top Secret Audit File based on other criteria.

Recommended Steps:

1. Use JOBNAME: If you know the jobname associated with the violation, use REPORT EVENT(VIOL) JOBNAME(jobname) DATE(-30).
2. Use DRC (Detail Reason Code): You can filter for specific violation types. For example, REPORT EVENT(VIOL) DRC(RS) DATE(-30) will report all resource violations.
3. Run a Broad Report: Run the report without specific ACID filtering to capture all violations during the period, then manually search the output for the specific ID: REPORT EVENT(VIOL) DATE(-30) LONG END