ICH408I for Tape Date Sets running IDCAMS REPRO MERGECAT

search cancel

ICH408I for Tape Date Sets running IDCAMS REPRO MERGECAT

book

Article ID: 125500

calendar_today

Updated On:

Products

CA 1 Flexible Storage CA 1 Tape Management - Copycat Utility CA 1 Tape Management - Add-On Options

Issue/Introduction

IDCAMS REPRO MERGECAT fails with the following security violations for migrated data sets and for data sets on tape volumes:

ICH408I USER(userid ) GROUP(group ) NAME(user name )
HLQ.data.set.name CL(DATASET ) VOL(MIGRAT)
INSUFFICIENT ACCESS AUTHORITY
FROM HLQ.** (G)
ACCESS INTENT(ALTER ) ACCESS ALLOWED(READ )
ICH408I USER(userid ) GROUP(group ) NAME(user name )
HLQ.data.set.name CL(DATASET ) VOL(tape00)
INSUFFICIENT ACCESS AUTHORITY
FROM HLQ.** (G)
ACCESS INTENT(ALTER ) ACCESS ALLOWED(READ )

The Userid running MERGECAT has ALTER ACCESS to the Catalogs and READ ACCESS to the Data Sets being merged.
This works for Data Sets on DASD, but fails for Tape Data Sets or migrated Data Sets.

Environment

Release:
Component: 1

Resolution

This problem is caused by the CA 1 Catalog Interface. It is addressed by CA Common Tape (CM-$F) Problem 298. Following details for PTF SO13571

Title: CORRECT SECURITY CALL DURING A MERGECAT OPERATION

PROBLEM DESCRIPTION:
For CA 1 clients when OCEOV is set to YES and an attempt is made to perform
a REPRO MERGECAT operation, without access to the data set names being
merged, it will fail with a security violation.

SYMPTOMS:
A security-violation on an individual file will prevent the IDCAMS procedure
from ending correctly.

IMPACT:
Cannot perform the MERGECAT operation.

CIRCUMVENTION:
A circumvention would be to disable the CA 1 check at OPEN and enable the
same call from OPEN itself. This can be done by changing OCEOV to NO in the
TMOOPTxx member of CA 1 options and setting the TAPEAUTHDSN=YES option in
DEVSUPxx member of SYS1.PARMLIB instead.

Feedback

thumb_up Yes

thumb_down No