Starting in z/OS V2R3 and APAR PI54392 on prior releases, access to formatted CEEDUMP and DYNDUMP dump reports can be restricted to certain users.
As a result of this change, CEEDUMP and TRANSACTION DUMP dump reports might be restricted without the following messages being issued:
CEE3880I dump-type HAS BEEN SUPPRESSED - USER IS NOT AUTHORIZED
CEE3880I dump-type HAS BEEN SUPPRESSED - PROGRAM IS RUNNING IN AN AUTHORIZED KEY
CEE3880I dump-type HAS BEEN SUPPRESSED - PROGRAM IS RUNNING WITH JSCBPASS ON
Steps to take
1. If you have Program Facility Language Environment applications, identify programs that are under program control. For a RACF installation, you can use the following command:
RLIST PROGRAM *
2. Ensure that users who must be able to obtain Language Environment dumps are permitted to the IEAABD.DMPAUTH resource.
3. For authorized key Language Environment applications, look for Language Environment programs that have a PPT entry that assigns the program a protection key of less than 8.
4. Ensure that users who must be able to obtain Language Environment resources are permitted to the IEAABD.DMPAKEY resource.
What is the CA Top Secret equivalent for "RLIST PROGRAM *"? Besides users should IEAABD.DMPAUTH resource be permitted to Started Task?
Release : 16.0
Component : CA Top Secret for z/OS
The RACF command
Top Secret command
TSS WHOHAS PROGRAM(*)