I would like to allow the use of the program IND$FILE to just a few choosen users, and for the rest of the users, render the program unaccessible in the ALL record. I have tried to add a permit to the ALL record as:
tss per(all) program(ind$file) access(none)
But this invariably returns an error message :
TSS0210E INVALID ACCESS KEYWORD
TSS0301I PERMIT FUNCTION FAILED, RETURN CODE = 4
What is wrong here ?
Normally, it is enough to just OWN the program resource IND$FILE, without any further permits, to render the program unusable for any acid that does not possess general bypasses such as NODSNCHK etc, or general permits.
So, by just owning the program, you should effectively have a general access denial to this program :
TSS ADDTO(department-acid) PROGRAM(IND$FILE)
You can also explicitly deny access to the program by this permission to the ALL record :
TSS PERMIT(ALL) PROGRAM(IND$FILE) ACTION(DENY)
or to force fail mode :
TSS PERMIT(ALL) PROGRAM(IND$FILE) ACTION(FAIL,DENY)
If a specific acid would then require access to the program, you can grant it with :
TSS PERMIT(acidname) PROGRAM(IND$FILE)
Be aware that the above permission to use IND$FILE does not require an ACCESS keyword.