Top Secret TSSOERPT Report Shows CEA
Article ID: 18225
Updated On:
Products
Cleanup
WEB ADMINISTRATOR FOR TOP SECRET
Top Secret
Top Secret - LDAP
Issue/Introduction
When running the TSSOERPT, the following entries are seen:
initUSP *BYPASS* * 999997 99 0 0 0 04/20/14 14.110 4.53.45 CEA A580 Successful - UID or GID came from BPX.DEFAULT.USER Home : /u/oedflta Program : /bin/sh ck_access *BYPASS* * 999997 99 8 8 4 04/20/14 14.110 4.53.45 CEA A580 Failed - User not authorized to access file Function: mknod User Type: Local Requested Access: Write Name flag: Use CRED_name_flag to determine pathname Pathname: /var/CEAServer Filename: var File Permissions: Owner: rwx Group: rwx Other: r-x Owning UID: 0 Owning GID: 20 Volume : OMVS0F File Identifier: 01D6D4E5E2F0C600012D000000000003
Is the CEA address space something new?
Is this task something that requires a definition in Top Secret?
Environment
Release:
Component: AWAGNT
Component: AWAGNT
Resolution
CEA is for Common Event Adapter (CEA) which is a z/OS component that enables the delivery of z/OS management data to clients, such as the CIM server. Just like any other started task, an ACID needs to be created for the started task and given a valid OMVS segment and the user authorized accordingly. Please refer to the IBM manuals for the security requirements.
Then the ACID needs to be associated with the started task by adding it to the STC table. For example:
TSS ADD(STC) ACID(CEAACID) PROCNAME(CEA)
Listing of acid CEAACID
ACCESSORID = CEAACID NAME = CEAACID
TYPE = USER SIZE = 512 BYTES
FACILITY = STC
FACILITY = APPC
DEPT ACID = DEPT DEPARTMENT = DEPT
DIV ACID = DIV DIVISION = DIV
CREATED = 04/15/97 00:00 LAST MOD = 01/05/09 15:45
LAST USED = 05/02/14 06:54 CPU(ABCD) FAC(STC ) COUNT(04923)
DFLTGRP = OMVSGRP
XA DATASET = OMVS. OWNER(DSNDEPT )
ACCESS = ALL
XA SERVAUTH= EZB. OWNER(DSNDEPT)
ACCESS = READ
----------- SEGMENT OMVS
UID = 0000000000
Feedback
Yes
No
Powered by
