RSTDACC keyword—Control Access to Resources

Valid on z/OS, z/VSE, and z/VM

Use the RSTDACC keyword to prevent CA Top Secret users from accessing protected resources.

The RSTDACC keyword is effective only under USS and only when control option HFSSEC is set to OFF.

Access is allowed:

If the file USER bit of the accessing user matches the file owner UID
If the GROUP bits of the file owning group match one of the accessing user's GIDs.
If the file has an associated ACL entries which allow additional UID and GID specifications

Access may also be allowed based on the OTHER bit default access if the user has the RSTDACC keyword and READ access to:

UNIXPRIV(RESTRICTED.FILESYS.ACCESS)

The following table presents READ access scenarios:

User is "restricted"	READ access to UNIXPRIV(RESTRICTED.FILESYS.ACCESS)	Result
Yes	Yes	Check "other" bits to determine access.
Yes	No	Bypass check of "other" bits and deny access.
No	Yes	Check "other" bits to determine access.
No	No	Check "other" bits to determine access.

This keyword has the following format:

TSS ADDTO(acid) RSTDACC

This keyword is used with:

This example allows public to bypass security checks for resource access (except data sets and volumes):

TSS ADDTO(public) RSTDACC

This example removes the RSTDACC attribute:

TSS REMOVE(public) RSTDACC