Job Using Top Secret FACILITY BATCH Instead Of FACILITY STC

Article ID: 13035


Products

Top Secret, Top Secret - LDAP

Issue/Introduction

A TSSUTIL violation report reveals two violations, which always occur at midnight, presumably because of the z/OS or CICS time change messages.

CA TOP SECRET VERSION 15.0 SECURITY ACTIVITY/INCIDENTS REPORT # 01 10/18/16 10:14:20 PAGE 00001

DATE     TIME     SYSID ACCESSOR JOBNAME  FACILITY MODE VC PROGRAM  R-ACCESS A-ACCESS SRC/DRC SEC JOBID   TERMINAL
-------- -------- ----- -------- -------- -------- ---- -- -------- -------- -------- ------- --- ------- --------

10/17/16 00:00:00 ssss  aaaaaa   *MASTER* BATCH    FAIL 01 IEFENFWT                   *1C*-06 INI
    RESOURCE TYPE & NAME : NAME=name
10/18/16 00:00:00 ssss  aaaaaa   *MASTER* BATCH    FAIL 01 IEFENFWT                   *1C*-06 INI
    RESOURCE TYPE & NAME : NAME=name

I would have expected the default facility STC to be assigned rather than BATCH when issued for JOBNAME(*MASTER*). Program IEFENFWT is apparently IBM's ENF. 'aaaaaa' is the default ACID for the STC table. It is also explicitly assigned to several tasks.

Environment

Release: TOPSEC00200-15-Top Secret-Security

Resolution

This is not a resource access violation by the STC (started task) itself. The message TSS7100E and the indicator 'INI' in the TSSUTIL entry indicate that some type of logon request was initiated within the master address space, probably by the ENF wait program IEFENFWT. Because this logon request is not part of an STC initialization but comes from code running in an already active address space, it is processed under the BATCH facility as the alternative.
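
As an added example (not part of the original article and not vendor code), the following Python code parses TSSUTIL rows laid out like the two above and groups initiation failures (SEC = INI) that repeat at the same time of day on different dates, which separates this kind of midnight event from resource access violations during report triage. It assumes rows whose R-ACCESS, A-ACCESS, JOBID and TERMINAL columns are blank, as in the article's sample; the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the two incident rows shown in the article.
SAMPLE_REPORT = """\
10/17/16 00:00:00 ssss aaaaaa *MASTER* BATCH FAIL 01 IEFENFWT *1C*-06 INI
RESOURCE TYPE & NAME : NAME=name
10/18/16 00:00:00 ssss aaaaaa *MASTER* BATCH FAIL 01 IEFENFWT *1C*-06 INI
RESOURCE TYPE & NAME : NAME=name
"""

ROW_START = re.compile(r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")
# Assumption: only these columns are populated (R-ACCESS, A-ACCESS,
# JOBID and TERMINAL blank), matching the rows in the article.
FIELDS = ("date", "time", "sysid", "accessor", "jobname", "facility",
          "mode", "vc", "program", "src_drc", "sec")


def parse_report(text):
    """Return one dict per incident row, with its RESOURCE line attached."""
    events, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ROW_START.match(line):
            tokens = line.split()
            # Rows with a different column population are skipped, not guessed at.
            current = dict(zip(FIELDS, tokens), resource=None) \
                if len(tokens) == len(FIELDS) else None
            if current is not None:
                events.append(current)
        elif line.startswith("RESOURCE TYPE & NAME") and current is not None:
            current["resource"] = line.split(":", 1)[1].strip()
    return events


def recurring_initiation_failures(events, min_days=2):
    """Group SEC=INI rows that recur at the same time of day on several dates."""
    groups = defaultdict(set)
    for e in events:
        if e["sec"] == "INI":
            key = (e["time"], e["accessor"], e["jobname"],
                   e["facility"], e["program"])
            groups[key].add(e["date"])
    return {k: sorted(d) for k, d in groups.items() if len(d) >= min_days}


if __name__ == "__main__":
    for key, dates in recurring_initiation_failures(parse_report(SAMPLE_REPORT)).items():
        print(key, "on", ", ".join(dates))
```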