CASFSERV(CSFDSG) security violation by CA LDAP started task.

book

Article ID: 15426

calendar_today

Updated On:

Products

CA-24X7 High-Availability Manager for DB2 for z/OS CA-Batch Processor Compile QQF CA Data Compressor for DB2 for z/OS Data Navigator for DB2 UDB for z/OS CA-DB Delivery for DB2 CA Unicenter NSM CA Log Compress DBA for DB2 Guide Online CA InfoRefiner Advantage InfoRefiner Advantage InfoRefiner Maint Upgrade CA InfoTransport Advantage InfoTransport Maint Upgrade Online Reorg for DB2 for z/OS CA RC/Update for DB2 for z/OS Query Analyzer RI Editor for DB2 for z/OS DB2 TOOLS- DATABASE MISC

Issue/Introduction

Resolving a security violations for CASFSERV(CSFDSG) for CA LDAP started task.



CALDAP receives a:

 TSS7251E Access Denied to CSFSERV <CSFDSG>

Please let me know why CALDAP is asking for this function and throwing this message.

Environment

Release:
Component: GEN

Resolution

CA LDAP started task acid was receiving security violations for CSFSERV(CSFDSG) which was valid because there was no PERMIT for it on the acid. Once you PERMITted the acid, the security violations went away.

According to the following IBM doc::

https://www.ibm.com/support/knowledgecenter/SSLTBW_1.13.0/com.ibm.zos.r13.gska100/csfserv.htm

CSFSERV(CSFDSG) authority is required for:
1. RSA Digital Signature Generation
2. ECC Digital Signature Generation

Since CA LDAP uses these services, the PERMITs for CSFSERV(CSFDSG) need to be given the to CA LDAP started task.

TSS PER(caldapstartedtaskacid)  CASFSERV(CSFDSG) ACC(ALL(

will resolve the security violation.