Top Secret

I have a couple questions:

1)  In TSS is there an equivalent of RACF's UACC (universal access)?  suppose I want to activate a new class to allow all users READ access (UACC/READ), how would you code this?    

2)  so as not to break anything, what is the command to activate the new class in WARN mode?  or a new dataset profile for that matter.

thank you, bobby

There isn't a TSS command equivalent for the UACC RACF command

To grant access to all users you can grant the access to the ALL Record

surprise-alarm:  It depends from the AUTH control option, whether the permissions of the *ALL* record are effective or take part in the best-match algorithm. 

You are correct

thank you, our AUTH is set to the default override so i believe this will work...search user, profile, ALL in that order.  

can someone advise me to the 2nd question...how to create a resource in WARN mode, such as a new dataset profile..regards

you cannot put a dataset in WARN Mode.

You can permit the dataset with ACTION(AUDIT) if you want an audit record cut every time the permit is used to allow access, but in fail mode, if the user is not authorized to the resource, there is no way to cut a violation but still allow access.  

Thanks Robert, I suspected…I will go the ACTION(AUDIT) route

Bobby Sagami

HNA Mainframe Platform security

Robert,

Actually, that is not true.

Using the TSS Installation Exit (TSSINSTX) at exit point "DATASET", you can set a return code of twelve (12), which will cause the current resource access check to be performed as if the accessor ID were in "WARN" mode.

Please note that the RDT entry for resource class ID "DATASET" must first have "ATTR(EXIT)" set.

This may be undesirable in that all resource access checks for resource class ID "DATASET" will then be routed thru the TSS Installation Exit (TSSINSTX).

John P. Baker