BPX security issues using CA XCOM in OMVS USS

book

Article ID: 103182

calendar_today

Updated On:

Products

CA XCOM Data Transport CA XCOM Data Transport - Windows CA XCOM Data Transport - Linux PC CA XCOM Data Transport - z/OS

Issue/Introduction

Using CA XCOM to transfer USS files.
Getting
ICH420I PROGRAM [email protected] FROM LIBRARY PISV.CAS9.CAW0LINK CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.
XCOMM0128I XCOM12 REQ#=123456 FOLLOWING FMH7 SENT TO CONVERSATION PARTNER
XCOMM0854E XCOM12 REQ#=123456 SAF SECURITY FAILED, 320 RV=FFFFFFFF, RC=0000008B, REAS=130102AF,/opt/XCOM/filetst
ICH420I PROGRAM [email protected] FROM LIBRARY PISV.CAS9.CAW0LINK CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.


What are the requirements to transfer USS files with XCOM for z/OS?

Environment

Release:
Component: XCMVS

Resolution

These messages indicate that security (RACF) is rejecting XCOM's request for the reason given in the ICH420I message. Please check carefully the definition of [email protected] and the library named in the message to RACF.
Things to check:
  • Add the XCOM userid to BPX.SERVER resource
  • Add the XCOMXFER program to PROGRAM control resource
  • Add [email protected] program to PROGRAM control resource
  • Recycle XCOM after making these changes
Also please refer to Tech Tips: Some additional information on message XCOMM0854E.

Additional Information

For basic information about OMVS and USS Files with XCOM, please refer to these sections in the CA XCOM Data Transport for z/OS - 12.0 documentation online. 

OMVS Requirements 

Ensure the value set for the BPX PARMLIB parameter MAXPROCUSER handles the number of processes that CA XCOM tasks use. CA XCOM functions run at the subtask level. Each subtask is considered a process due to the new version of ETPKI that is distributed with this release. The new version of ETPKI requires a POSIX environment.

Functions that run as a subtask:

  • TCPIP transfers
  • Setting SECURITY=SAF
  • SNA transfers
  • USS file transfers
  • ISPF
  • Inquiry for transfers (TYPE=INQUIRE)
  • History requests (TYPE=HISTORY or using ISPF)

Consider setting the value for MAXPROCUSER by using the following formula:

MAXPROCUSER value = MAXTASK x 2 + nn

The number nn is the number of active TCP/IP listeners.

Security Considerations for USS Files  
USS support enforces SAF security for all transfers that involve a USS file, regardless of the SECURITY= parameter in the default table, config member or EXEC statement. 

USS Files 
This section in our online documentation describes special considerations for handling USS files, including HFS, ZFS, and TFS files.