Hello, we have a question, with some masks to give permissions to some users.
We want users to be able to read files belonging to other users, but that they cannot be modified.
The problem we have is that we have two user nomenclatures: production -> TSOEXT * and development -> TSODSRx.
We have created a new profile, we have made two attempts to give permissions:
1st
TSS REV (PRUEPERF) DSN (DSR. ++++. TRA.%.) ACC (UPD, CREATE, SCRATCH)
TSS REV (PRUEPERF) DSN (DSR. ++++. EXP.%.) ACC (UPD, CREATE, SCRATCH)
TSS REV (PRUEPERF) DSN (DSR. ++++. MAE.%.) ACC (UPD, CREATE, SCRATCH)
TSS REV (PRUEPERF) DSN (DSR. ++++. TRA.TSO ++++.) ACC (READ)
TSS REV (PRUEPERF) DSN (DSR. ++++. MAE.TSO ++++.) ACC (READ)
TSS REV (PRUEPERF) DSN (DSR. ++++. EXP.TSO ++++.) ACC (READ)
With this option, we cannot modify the files generated by the user himself, so it is not valid for us.
2nd
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. EXP.TSODSR +.) ACCESS (READ)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. EXP.TSOEXT +.) ACCESS (READ)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. MAE.%. *) -
ACCESS (UPDATE, CREATE, SCRATCH)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. MAE.TSODSR +.) ACCESS (READ)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. MAE.TSOEXT +.) ACCESS (READ)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. TRA.%. *) -
ACCESS (UPDATE, CREATE, SCRATCH)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. TRA.TSODSR +.) ACCESS (READ)
TSS PERMIT (PRUEPERF) DSNAME (DSR. ++++. TRA.TSOEXT +.) ACCESS (READ)
With this option now the groups cannot read the files of their own groups. In other words, the user TSODSR1 cannot read the files created by the user TSODSR2.
Is there a way to make masks to make this work? Without having to define each resource on each user?