Data Set Passwords not Checked

Symptom:

Users are being granted access to a resource without being checked.

Solution:

Do the following:

Determine if the data set has the ACTION(PASSWORD) attribute:
```
TSS WHOHAS DSNAME(data set name or prefix) 
```
If the ACTION(PASSWORD) is attached, permit the data set attaching the ACTION(PASSWORD) attribute.
Determine if the ACID has the NODSNCHK attribute:
```
TSS LIST(acid) DATA(BASIC,PROFILE) 
```
If the ACID has NODSNCHK attribute remove authority with:.
```
TSS REMOVE(acid) NODSNCHK
```
Determine if the user has ACTION(NODSNCHK) authority to the volume:
```
TSS LIST(acid) DATA(XAUTH,PROFILE)
```
```
TSS LIST(ALL) DATA(XAUTH)
```
If the volume is authorized with ACTION(NODSNCHK) CA Top Secret will not perform data set level checking.
Turn on the TSS TRACE for the ACID:
```
TSS ADDTO(acid) TRACE
```
If the acid is signed on, issue:
```
TSS REFRESH(acid)
```
Activate the TRACE from the console:
```
TSS MODIFY(SECTRACE(ACT,WTL))
```
Ask the user to access the data set in question. Examine the trace information.
- If 04 DRC is being returned, the data set is authorized with ACTION(PASSWORD).
- If 04 DRC is not being returned, an overriding authorization was found in the user acid, connected profiles, or ALL Record. Determine the source of the overriding authorization and REVOKE it from the ACID.