Top Secret

I set out yesterday to browse the CFILE for dataset permissions that specify a VOLSER, that being the way I'm used to securing an uncatalogued DS in RACF.  The syntax would go something like this, I suppose:

  tss per(acid) dataset('hlq.dataset.name') volume(tan035) access(read)

But when I checked the manual to see where CFILE stores the VOLSER in such a permission, I found nothing, and realized that maybe TSS doesn't handle it that way at all.  How do I do this?  All I see is separate DATASET and VOLUME rules, and I can't figure out how to combine them for a particular dataset.

Hi Bob,

You cannot specify a VOLUME restriction on a DATASET permit in CA Top Secret. The command you posted will be processed as 2 commands:

TSS PER(acid) DATASET('HLQ.DATASET.NAME') ACCESS(READ)

TSS PER(acid) VOLUME(TAN035) ACCESS(READ)

It doesn't matter in TSS if the dataset is cataloged or not. You own the dataset and permit it. If the dataset is not cataloged, when the dataset is opened, DFSMS will issue a RACROUTE REQUEST=AUTH and specify a dataset name and the volser.

Best regards,

Bob Boerum

So there's no way to have different protections for an uncatalogued dataset on one volume than for one on another volume, as there is in RACF.  Well, it's not like I've ever needed that capability.  The reason I asked is that as part of cleaning up the TSS database, I wrote a series of checks for dataset permissions in TSS for which no actual datasets correspond, the idea being that I can revoke the permissions.  Someone pointed out that there might be uncatalogued datasets to take into account.

Well, there still may be.  But I'm keeping track of the permissions I revoke, and interacting with the storage-management SME; I should be alright.  Thanks, Bob.