Well, dang, I posted a reply a day or two ago, but after I finished my effort disappeared. The main Discussions panel acknowledges that I answered, but counts only 3 replies and that's all I see here too. Let's try again:
1) Right you are about two-char ownership. Even as I typed in that one-letter DSN it looked a little off to me, not because I remembered what the manual said about it but probably because I always see two chars when I actually look in TSS. Ok, two it is.
2) But I don't yet see the problems you're trying to describe about ownership. Maybe I'm making it simpler than it really is. Here's the way I see it:
a) Some time in the far-distant past, a security admin wrote "TSS ADD(DEPT99) DSN(X*)" (and likewise the other chars).
b) Now I create a new ACID and include "TSS ADD(XYZ) DSN(XYZ.) UNDERCUT"
As a result, most datasets starting with 'X' are owned by DEPT99, but datasets named XYZ.something are owned by user XYZ. Where's the problem? You say you stand by your initial warnings, that it's very dangerous, but as far as I can see your initial warnings don't actually say what the danger is.
"There is no verification prompt when you use the TSS ADD command." Yes, when I issue a TSS command it does exactly what I told it to do.
"If you mistype the ADD command..." Yes, if I make a mistake then I've introduced a mistake into TSS. But if this is a reason not to assign ownership, it is likewise a reason not to do any security administration.
"Not every customer can own each TSO ID because of conflicts in other dataset names, which are already owned at a shorter length." But that was based on a misunderstanding of the string I proposed using; we've disposed of this one. The way I have it, every customer can own his own TSO datasets.
"If TSS is warning you that your ADD command will not work without an undercut, that is an indication you are already conflicting with existing ownerships." Well, no; using UNDERCUT isn't a conflict, it resolves a conflict that would otherwise exist.
"....if you need to undercut access, you have to be scoped...." That's not a reason not to assign ownership to each user; it means only that only properly scoped admins can do it. I didn't mean to be unclear, but my question is about how a properly scoped admin should do things.
I'm still listening, though, because I assume you have some reason to worry about this. Are you able to say what it is?