To determine whether access to a particular DASD data set should be allowed, CA Top Secret evaluates both the pertinent volume and data set access authorizations.
For tape volumes, generally volume or data set level security is in effect depending on the absence or presence of a tape management package.
CA Top Secret always performs volume level checking first. In some instances a request to access a data set is evaluated strictly on the basis of the volume access authorizations located by the volume level check.
For example, if the user is authorized for any volume level access other than CREATE and the request does not exceed this access level, CA Top Secret allows access to the volume and the data set without checking for DSNAME authorizations. If the ACID owns the volume access is allowed without any data set validation.
If the ACID has no relevant VOLUME authorization, CA Top Secret immediately switches to data set (DSN) validation checking (unless this is a data set creation request, in which case the request is automatically failed).
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|