Top Secret Volume Access and Data Set Checking
search cancel

Top Secret Volume Access and Data Set Checking


Article ID: 9618


Updated On:


Top Secret Top Secret - LDAP


When both volume and data set level access checking are being done, CA Top Secret always performs volume level first. In some cases a request to access a data set is granted or failed strictly on the basis of the ACID's volume access authorizations without checking whether he has specific authorization to access that particular data set.
Volumes checking is only done when the volume is passed.  If the volume is not passed on the call then only dataset checking is done and no volume checking occurs.


Release: TOPSEC00200-16-Top Secret-Security


The following table shows how volume access authorizations affect an ACID's request to access a data set on that volume:

Authorized Volume      Data Set       Data Set        Data Set         Data Set             

Access:                         Read:          Update:          Create:            Scratch:             

NONE                            FAIL             FAIL               FAIL                  FAIL                 

ALL                               OKAY            OKAY             OKAY               OKAY                 

CREATE                       DSNAME      DSNAME        DSNAME        DSNAME

READ                            OKAY           DSNAME        FAIL                 DSNAME 

Be aware of VSAM datasets where the VOLUME passed is the volume where the catalog resides and NOT where the dataset resides.

If you always want the Data Set access to be checked then you can issue the following commands: 
TSS ADD(msca) VOL(*ALL*(G)) 
The above will give users access to all volumes and continue to do Data Set checking.  The data set rule will have the final say as to whether to grant access or not.