Document ID : KB000117448
Last Modified Date : 12/10/2018
Show Technical Document Details
We are sharing the security file beetwwen systems A,B,C and D.

We're trying to restrict a DATASET(DS)  access on  C and D - permit the DS access on A and B.

When  we issue the following command

tss per(all) dsn(DS) acc(none) sysid(C,D) - the DS access is denied on ALL systems.

On C and D we get 

TSS7227E READ Access Not Granted to Dataset DS

On A and B we get

TSS7228E Dataset Not Available From This System

We expected READ Access should be allowed on A & B, because acc(none) should be only valid on C&D ..

When we issue the following commands

tss per(all) dsn(DS) acc(none) sysid(C,D) 
tss per(all) dsn(DS) acc(read) sysid(A,B) 

the DS access is allowed on A&B- denied on C&D systems.

When using SYSID keyword on PERMIT; do we need to explicitly specify all access for all systems?

When you restrict permission with SYSID, when you access to the resource via another SYSID it is expected to receive "TSS7228E Dataset Not Available From This System" message.

You must then authorize the acid to access to the resource specifying the correct SYSID.

In other words, when a SYSID is specify, it means that the resource is available only on the SYSIDs specified on the permit command.