Thanks
The reason I ask was that I have found subtle differences between ** and ***** not with DSN, but with FSACCESS.
Manual says
"An administrator can PERMIT access to all owned resources within a NOMASK resource class by using the special resource name:
*ALL*
For resource classes with the MASK attribute, a similar PERMIT can be managed with the resource name: *****
"
So i expected ***** is something special that may differ from **
Although we use ** for DSN now and in the past, i have used ***** for FSACCESS to comply to the manual.
There are subtle issues with FSACCESS if i combine FSACESS(*****) and other FSACCESS Permissions shorter or equal 5 char. (closest match algorithm)
I have already opened a case for this, and CA recreated the problem. We agreed to not change anything.
But after this there was a change
Eg. I have in a profile
FSACCESS(*****) ACC(NONE) ACTION(FAIL)
FSACCESS(ABCD.) ACC(ALL)
FSACCESS(others...)
Before refreshing TSS the Check for FSACC(ABCD.***) was allowed
After apply last refresh behaviour changed and ***** acc(none) is used in this case. So in my sandbox some STCs failed.
My solution was simply to change ***** Permissions to ** and all is ok again. ** is shorter than ***** and all other FSACCESS Permissions. So it only matches if no other permission is found.
So ** and ***** may not always be equal (at least dealing with FSACCESS)