Unexpected access to resources

Accesses to a protected system resource are either being unexpectedly granted or denied. It is always wise to first validate the ISAM processes are started and running normally.

Also check to ensure the ISAM message log files do not flag any operational problems. If ISAM seems operationally sound, the problem is likely due to the policies that have been defined and applied to that system resource.

There are three ISAM policy mechanisms that can be used to control access to your protected resources: ACLs, POPs, and authorization rules. Use the pdadmin commands to learn which ACL in the protected object space hierarchy has control over the access to the protected resource.

• ACL commands
  Security Verify Access access control depends on the following conditions:
• POP commands
  A protected object is accessible to a requester if the requester possesses the traverse permission on each ACL attached to container objects above the requested resource on the path towards root and including root.
• Authorization rule commands
  If an authorization rule is directly attached to the protected object in question, this authorization rule defines the rule policy for that object. If an authorization rule is not directly attached to the protected object in question, the controlling rule is the nearest one that is above it in the protected object hierarchy.

Parent topic: Common Security Verify Access problems