How to verify CA 1 Security checks from OCEOV are performed

book

Article ID: 131494

calendar_today

Updated On:

Products

CA 1 Tape Management CA 1 Tape Management - Copycat Utility CA 1 Tape Management - Add-On Options

Issue/Introduction



With CA 1 option OCEOV set to YES, CA 1 should check for CLASS DATASET at OPEN.
Is there an easy way to verify if these security calls from CA 1 are performed?

Environment

Release:
Component: 1

Resolution

Depending on the external security Product traces might be used to verify the security checks from CA 1.
Another possibility is to run a Tape Job against a Data set for which the user does not have sufficient access.
If the security check was performed from CA 1 because of OCEOV YES, this results in the violation messages from
the external security product and CA 1 messages CAL0C0SF and IEFTMS50 9XX-nn.

For example User userxxx tried to create Tape Data Set DATA.SET.NOACCESS with Top Secret as external Security:

TSS7220E 102 J=JOBXXXX A=USERXXX VOL=S00016 ACC=UPDATE DSN=DATA.SET.NOACCESS                             
TSS7227E UPDATE Access Not Granted to Dataset DATA.SET.NOACCESS                                           
CAL0C0SF 08 102 USERXXX /TESTFILE/xxxxxxx. TSS7227E UPDATE Access Not Granted to Dataset DATA.SET.NOACCESS
IEFTMS50 9XX- 04 JOBXXXX,STEPXXX ,DDXXX ,0E57,S00016,00001,DATA.SET.NOACCESS                              
IEFTMS50 ***** CA 1 ABEND,F1,04 *****                  **  
                                                 


 

Additional Information

For details on IEFTMS50 9xx Messages see:
9xx-rc SECURITY VIOLATION