? About Granting ALL Access to One's Own TSO ID

Document ID : KB000109320
Last Modified Date : 02/08/2018
Show Technical Document Details
Question:
Our AUTH control option is set to AUTH(OVERRIDE,ALLOVER). In our TSS ALL record we have the following permission:

DSN(%.) ACC(ALL)

We also have a profile which contains several permissions for TSO USER IDs with UPDATE access:

DSN(xxxxxx.) ACC(UPDATE)

However, USER xxxxxx fails when he tries to create a dataset with his own HLQ: xxxxxx. Is there a way for xxxxxx to have ALL access to his HLQ without granting DSN(%.) ACC(ALL) on his ID or on another profile that comes before the profile containing DSN(xxxxxx,.) ACC(UPDATE) ? 
Answer:
The options are: 

1) Remove the profile with DSN(xxxxxx.) ACC(UPDATE) from xxxxxx

2) TSS WHOOWNS DSN(xxxxxx.) 

If the full high level qualifier 'xxxxxx.' is owned, you can undercut this to the xxxxxx acid via: 

TSS ADD(xxxxxx) DSN(TSOTEST.) UNDERCUT NOPERMIT 

If xxxxxx owns DSN(xxxxxx.), it will automatically have all access to xxxxxx. datasets. 

If the ownership is shorter (ie DSN(xxx) ), you can't own the longer name 'xxxxxx.' and if you undercut the shorter ownership to xxxxxx, this acid will have ALL access to datasets that start with xxx, not just xxxxxx. 

3) If 1 and 2 aren't feasible, then DSN(%.) ACC(ALL) will need to be permitted to the xxxxxx ID or on another profile that comes before the profile containing DSN(xxxxxx,.) ACC(UPDATE)