Using CSM to install a product, the following error occurs: CSI is not accessible for userID to ALTER
Article ID: 130153
Updated On:
Products
Mainframe Software Manager (Chorus Software Manager)
Issue/Introduction
Attempting to install CA Auditor r12.1 using CA CSM r6.0 encounters failure when selecting the dataset name prefix for the CSI, and other SMP/E datasets. After clicking next, the error messages:
Error: highlevel.CSI is not accessible for (myID) to ALTER. Security rules prevent (myID) ALTER access to SMPHOLD, SMPPTS, SMPLTS, SMPMTS, SMPSCDS, and SMPSTS.
ACF/2 is the External Security Manager, and (myID) does have ALLOC and ALTER access to those datasets, What could be the cause of this error?
Error: highlevel.CSI is not accessible for (myID) to ALTER. Security rules prevent (myID) ALTER access to SMPHOLD, SMPPTS, SMPLTS, SMPMTS, SMPSCDS, and SMPSTS.
ACF/2 is the External Security Manager, and (myID) does have ALLOC and ALTER access to those datasets, What could be the cause of this error?
Environment
CSM 6.0 Build 142
Cause
This is a bug in CSM..
Resolution
Build 143 (ptf RO95339) resolves this condition.
Additional Information
Here is information as documented in RO95338:
CSI DATASET NOT ACCESSIBLE IN BASE INSTALL WIZARD
PROBLEM DESCRIPTION:
An error that *.CSI data set is not accessible for user to ALTER appears in
the SMP/E Environment Setup step of the Base Installation wizard. This can
happen for customer having non-SMS managed environment and use the data set
parameters VOLSER and Unit instead of SMS parameters.
This data set name is then passed to the RACROUTE macro which verifies
required access level for the user. The volser value is not used in the
security check which results in no access response from security product.
SYMPTOMS:
1. Error message in the Base Installation wizard -
"Error:SOME.DATASET.CSI is not accessible for USERID to ALTER."
2. When MVSUTIL_LOGLEVEL set to trace, this message appears in the STDMSG:
"(mvsutil/security.c:169): secur_dataset_access: secur_dataset_max_access
(dsn=SOME.DATASET.CSI, volser=, DSTYPE_NONVSAM, loglevel=2) = 0;
racf_rc=0x14; reason_code=0x0"
Reason code 0x0 means no access.
For other SMP/E environment data sets, the volser parameter in above message
is filled in correctly and the reason_code has value 0x10. Which means ALTER
authority.
CSI DATASET NOT ACCESSIBLE IN BASE INSTALL WIZARD
PROBLEM DESCRIPTION:
An error that *.CSI data set is not accessible for user to ALTER appears in
the SMP/E Environment Setup step of the Base Installation wizard. This can
happen for customer having non-SMS managed environment and use the data set
parameters VOLSER and Unit instead of SMS parameters.
This data set name is then passed to the RACROUTE macro which verifies
required access level for the user. The volser value is not used in the
security check which results in no access response from security product.
SYMPTOMS:
1. Error message in the Base Installation wizard -
"Error:SOME.DATASET.CSI is not accessible for USERID to ALTER."
2. When MVSUTIL_LOGLEVEL set to trace, this message appears in the STDMSG:
"(mvsutil/security.c:169): secur_dataset_access: secur_dataset_max_access
(dsn=SOME.DATASET.CSI, volser=, DSTYPE_NONVSAM, loglevel=2) = 0;
racf_rc=0x14; reason_code=0x0"
Reason code 0x0 means no access.
For other SMP/E environment data sets, the volser parameter in above message
is filled in correctly and the reason_code has value 0x10. Which means ALTER
authority.
Feedback
Yes
No
Powered by
