We are sharing the security file beetwwen systems A,B,C and D.
We're trying to restrict a DATASET(DS) access on C and D - permit the DS access on A and B.
When we issue the following command
tss per(all) dsn(DS) acc(none) sysid(C,D) - the DS access is denied on ALL systems.
On C and D we get
TSS7227E READ Access Not Granted to Dataset DS
On A and B we get
TSS7228E Dataset Not Available From This System
TSS7230E DSN: DS
We expected READ Access should be allowed on A & B, because acc(none) should be only valid on C&D ..
When we issue the following commands
tss per(all) dsn(DS) acc(none) sysid(C,D)
tss per(all) dsn(DS) acc(read) sysid(A,B)
the DS access is allowed on A&B- denied on C&D systems.
When using SYSID keyword on PERMIT; do we need to explicitly specify all access for all systems?
When you restrict permission with SYSID, when you access to the resource via another SYSID it is expected to receive "TSS7228E Dataset Not Available From This System" message.
You must then authorize the acid to access to the resource specifying the correct SYSID.
In other words, when a SYSID is specify, it means that the resource is available only on the SYSIDs specified on the permit command.