Volume Access and Data Set Checking

Document ID : KB000009618
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

When both volume and data set level access checking are being done, CA Top Secret always performs volume level first. In some cases a request to access a data set is granted or failed strictly on the basis of the ACID's volume access authorizations without checking whether he has specific authorization to access that particular data set.

Instructions:

The following table shows how volume access authorizations affect an ACID's request to access a data set on that volume:

Authorized Volume      Data Set       Data Set        Data Set       Data Set             

Access:                        Read:          Update:          Create:        Scratch:             

NONE                           FAIL             FAIL               FAIL             FAIL                 

ALL                              OKAY            OKAY             OKAY           OKAY                 

CREATE                      DSNAME        DSNAME        DSNAME       DSNAME

READ                           OKAY           DSNAME           FAIL          DSNAME 

Also, be aware of VSAM dataset where the VOLUME passed is the one where the catalog resides on and NOT the one where the dataset resides on.

 

If you always want the Data Set access to be checked then you can issue the following commands: 
TSS ADD(msca) VOL(*ALL*(G)) 
TSS PERMIT(ALL) VOL(*ALL*(G)) ACCESS(CREATE) 
The above will give users access to all volumes and continue to do Data Set checking.