Facility Access Incorrectly Allowed

Symptom:

Users are being granted incorrect access to facilities.

Solution:

Do the following:

Determine if the facility appears within the user or profile ACID's Security Record:
```
TSS LIST(acid) DATA(BASIC,PROFILE)
```
```
TSS LIST(ALL) DATA(BASIC)
```
Remove the facility from the Security Record or remove the user from the profile.
Determine if the user ACID, profile ACID or facility are in DORMANT or WARN MODE:
```
TSS MODIFY(FACILITY(fac))
```
```
TSS LIST(acid) DATA(XAUTH,PROFILE)
```
```
TSS LIST(ALL) DATA(XAUTH)
```
Consider moving the user to a more restrictive security mode or set WARNPW in the FACILITY control option.
Determine if MSG is displayed in the LOG field in response to a WHOAMI command.
If not, the MSG option is not specified.
Determine if the user possesses the NORESCHK attribute:
```
TSS LIST(acid)  DATA(BASIC,PROFILE)
```
Remove the NORESCHK attribute from the ACID.
Determine if the user is allowed to bypass security by locating BYPASS message TSS9530I on the STATUS response:
```
TSS MODIFY(STATUS)
```
Reset BYPASS:
```
TSS BYPASS(RESET).
```
Determine if the DRC control option is set to NOVIOL for the returned DRC code:
```
TSS MODIFY(DRC(drc#)) 
```
Reset the DRC NOVIOL attribute.
Activate the diagnostic trace for the user.
If trace records do not appear for facilities other than TSO, BATCH, or STC the site might not have a working interface with CA Top Secret.