Question:

How do you secure and grant access to the new FSACCESS class introduced by IBM to protect file systems on an individual user basis.

Our support for this class was introduced by RO35644 (maintenance superceded by RO36198) and modified by RO37807.

Solution:

Any user accessing a file system needs to have access to the resource.

To allow the access to all acids, issue a:

TSS ADD(somedept) FSACCESS(**)
TSS PER(ALL) FSACCESS(**) ACCESS(UPDATE)

If granting everyone access is not an option, individual access can be give to each user as needed.

The TSSOERPT report entries for ck_access security check will show the entity name to be PERMITed FSACCESS 'File system dataset'.

Note:  An acid with NODSNCHK will still need a permission to the FSACCESS resource for the ck_access security check ***OR*** the bypass attribute NORESCHK.