When both volume and data set level access checking are done, Top Secret always performs volume level first. In some cases a request to access a data set is granted or failed strictly on the basis of the ACID's volume access authorizations without checking whether the user is authorized to access that particular data set.
Volume checking is only done when the volume is passed on the call. If the volume is not passed, only data set checking is done and no volume checking occurs.
Release: TOPSEC00200-16-Top Secret-Security
The following table shows how volume access authorizations affect an ACID's request to access a data set on that volume:
AUTHORIZED VOLUME ACCESS | ATTEMPTED DATA SET ACCESS
                         | Read   | Update | Create | Scratch
NONE                     | FAIL   | FAIL   | FAIL   | FAIL
ALL                      | OKAY   | OKAY   | OKAY   | OKAY
CREATE                   | DSNAME | DSNAME | DSNAME | DSNAME
READ                     | OKAY   | DSNAME | FAIL   | DSNAME
Be aware that for VSAM data sets the VOLUME passed is the volume where the catalog resides and NOT the volume where the data set resides.
TSS ADD(msca) VOL(*ALL*(G))
TSS PERMIT(ALL) VOL(*ALL*(G)) ACCESS(CREATE)
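
The decision order and table described above, modelled as an added example (not part of the original article and not Top Secret's own code). It assumes DSNAME in the table means the request is decided by data set level checking; the function names and sample permissions are constructed. `volume_overrides` lists the requests where a volume authorization decides the outcome differently from the data set permission alone, which is what a reviewer of VOL permits would want to see.

```python
# Added illustration (not Top Secret code): volume-level check first, then data set.
# Function names and the sample permissions are constructed for this example.
ATTEMPTS = ("READ", "UPDATE", "CREATE", "SCRATCH")

# Rows: authorized volume access. Columns follow ATTEMPTS. Values copied from the table.
# Assumption: "DSNAME" means the request is decided by data set level checking.
VOLUME_TABLE = {
    "NONE":   ("FAIL", "FAIL", "FAIL", "FAIL"),
    "ALL":    ("OKAY", "OKAY", "OKAY", "OKAY"),
    "CREATE": ("DSNAME", "DSNAME", "DSNAME", "DSNAME"),
    "READ":   ("OKAY", "DSNAME", "FAIL", "DSNAME"),
}

def check_access(attempt, dsn_permitted, volume_access=None):
    """Return (decision, level). volume_access=None models a call that passes no volume.
    For VSAM, the access to supply is the one held on the catalog's volume."""
    dsn_result = "OKAY" if dsn_permitted else "FAIL"
    if volume_access is None:
        return dsn_result, "DSNAME"
    outcome = VOLUME_TABLE[volume_access][ATTEMPTS.index(attempt)]
    if outcome == "DSNAME":
        return dsn_result, "DSNAME"
    return outcome, "VOLUME"

def volume_overrides(volume_access, dsn_permits):
    """List (dsn, attempt, decision) where the volume-level result differs from
    what the data set permission alone would have produced."""
    findings = []
    for dsn, allowed in sorted(dsn_permits.items()):
        for attempt in ATTEMPTS:
            decision, level = check_access(attempt, attempt in allowed, volume_access)
            dsn_only, _ = check_access(attempt, attempt in allowed)
            if level == "VOLUME" and decision != dsn_only:
                findings.append((dsn, attempt, decision))
    return findings

# Constructed sample: data set permissions one ACID holds on a single volume.
SAMPLE_PERMITS = {
    "PAYROLL.MASTER": set(),
    "USER1.WORK": {"READ", "UPDATE", "CREATE", "SCRATCH"},
}

if __name__ == "__main__":
    for level in VOLUME_TABLE:
        print(level, volume_overrides(level, SAMPLE_PERMITS))
```

With the constructed sample, READ volume access grants a read of a data set the ACID has no permission for and fails a create it is permitted to do, while CREATE volume access produces no overrides because every request falls through to data set checking.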