CPU Restrictions not Honored

Troubleshooting › Common Troubleshooting Procedures › CPU Restrictions not Honored

CPU Restrictions not Honored

Symptom:

CPU restrictions are not being honored.

Solution:

Do the following:

Determine if the CPU restriction exists for the user(s) and CPU:
```
TSS LIST(acid) DATA(BASIC,XAUTH,PROFILE)
```
```
TSS LIST(ALL) DATA(XA)
```
If permissions exist which allow the user to access the CPU use the TSS REVOKE and PERMIT commands to define the access.
Determine if the CPU is owned.
```
TSS WHOOWNS CPU(cpu) 
```
If not owned, see the CPU keyword in the Command Functions Guide. If a resource is not owned, CA Top Secret cannot restrict access.
Determine if security mode for the facility (or site) and for the user or profile ACID(s) is in DORMANT or WARN MODE:
```
TSS MODIFY(FACILITY(fac))
```
```
TSS LIST(acid) DATA(XAUTH,PROFILE)
```
```
TSS LIST(ALL) DATA(XAUTH)
```
The mode might allow access without security checking. Consider moving the user to a more restrictive security mode.
Enter TSS WHOAMI at the user's terminal.
If MSG is not displayed in the LOG field, LOG options are not specified and no messages are being sent to the user.
Determine if the ACID possesses the NORESCHK attribute:
```
TSS LIST(acid) DATA(BASIC,PROFILE)
```
If yes, enter:
```
TSS REMOVE(acid) NORESCHK
```
Determine if the DRC control option is set to NOVIOL for the returned DRC:
```
TSS MODIFY (DRC(drc#)) 
```
If yes, reset the DRC.
Determine if the user is allowed to bypass security by locating the BYPASS message on the STATUS response:
```
TSS MODIFY(STATUS) 
```
If the user's ACID appears in this list remove the applicable bypass attribute from the user's ACID.
Activate the diagnostic trace for the user.
If trace records do not appear for facilities other than TSO, BATCH, or STC the subsystem might not have a working interface with CA Top Secret.