What is the proper command syntax to render the program IND$FILE with an access= NONE in our ALL record?

Document ID : KB000023790
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

I would like to allow the use of the program IND$FILE to just a few choosen users, and for the rest of the users, render the program unaccessible in the ALL record. I have tried to add a permit to the ALL record as:

  tss per(all) program(ind$file) access(none)

But this invariably returns an error message :

  TSS0210E  INVALID ACCESS KEYWORD 
TSS0301I PERMIT FUNCTION FAILED, RETURN CODE = 4

What is wrong here ?

Answer:

Normally, it is enough to just OWN the program resource IND$FILE, without any further permits, to render the program unusable for any acid that does not possess general bypasses such as NODSNCHK etc, or general permits.

So, by just owning the program, you should effectively have a general access denial to this program :

      TSS ADDTO(department-acid) PROGRAM(IND$FILE) 

You can also explicitly deny access to the program by this permission to the ALL record :

      TSS PERMIT(ALL) PROGRAM(IND$FILE) ACTION(DENY) 

or to force fail mode

      TSS PERMIT(ALL) PROGRAM(IND$FILE) ACTION(FAIL,DENY) 

If a specific acid would then require access to the program, you can grant it with :

      TSS PERMIT(acidname) PROGRAM(IND$FILE) 

Be aware that the above permission to use IND$FILE does not require an ACCESS keyword.