search cancel

Top Secret, Verify user access to formatted CEEDUMP and DYNDUMP dump reports Description

book

Article ID: 134115

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP

Issue/Introduction

Starting in z/OS V2R3 and APAR PI54392 on prior releases, access to formatted CEEDUMP and DYNDUMP dump reports can be restricted to certain users.

As a result of this change, CEEDUMP and TRANSACTION DUMP dump reports might be restricted without the following messages being issued:

CEE3880I dump-type HAS BEEN SUPPRESSED - USER IS NOT AUTHORIZED

CEE3880I dump-type HAS BEEN SUPPRESSED - PROGRAM IS RUNNING IN AN AUTHORIZED KEY

CEE3880I dump-type HAS BEEN SUPPRESSED - PROGRAM IS RUNNING WITH JSCBPASS ON


Steps to take

1. If you have Program Facility Language Environment applications, identify programs that are under program control. For a RACF installation, you can use the following command:

RLIST PROGRAM *

2. Ensure that users who must be able to obtain Language Environment dumps are permitted to the IEAABD.DMPAUTH resource.

3. For authorized key Language Environment applications, look for Language Environment programs that have a PPT entry that assigns the program a protection key of less than 8.

4. Ensure that users who must be able to obtain Language Environment resources are permitted to the IEAABD.DMPAKEY resource.


What is the CA Top Secret equivalent for "RLIST PROGRAM *"?  Besides users should IEAABD.DMPAUTH resource be permitted to Started Task?

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

What is the CA Top Secret equivalent for "RLIST PROGRAM *"? The RACF RLIST PROGRAM TSS TSS WHOHAS PROGRAM(*)