Top Secret

If you grant VOL(*ALL*)ACC(ALL)ACTION(AUDIT) - does this still BYPASS all dataset level checking on any given Volume ?

Meaning that with Volume level access with ACCESS(ALL) allows for full and complete access to all datasets on the volume(s) ?

Of course only DASD/Storage Administrators would ever require the above type of access.

Asking to double check and ensure the understanding has not changed.     Who and where would ACTION(NODSN) apply ?

Thank you

Hi Steve,

 ACC(ALL) to VOL(*ALL*(G)) will allow access to all datasets (when a volume is passed on the permit) because there will be no dataset checking.  If a volume is not passed then no volume checking is done and dataset checking will be done.

ACTION(NODSN) would apply when access to the VOLUME is something other than ALL or NONE where dataset checking comes in to play. See the chart at the following link for how volume access authorizations affect an acid’s request to access a data set on a volume:

https://docops.ca.com/ca-top-secret-for-z-os/16-0/en/using/resource-access-security-validation-algorithm/data-set-requests

For example, if the user has UPDATE access to the volume, they are allowed to READ and UPDATE a dataset on that volume. They are not allowed to CREATE a dataset on that volume. And if they try to delete (scratch) the dataset, it will go to dataset checking. If ACTION(NODSN) is specified on the VOLUME permit with ACCESS(UPDATE), the dataset checking will be bypassed and the user can delete any dataset on that volume regardless of what dataset access they have.

NOTE: ACTION(NODSN) is only valid on VOLUME permits.

Cheers,

~Eileen~