When upgrading from CICS TS 5.3 to 5.5, you tried to bring up CMAS tasks which crashed with the following error:
EYUXL0158E TCHACMAS Security profile for TRANSATTACH BMLT is incorrect: READ=NOTREADABLE
Another possible symptom is:
User (acid) not authorized for required access (READ) for resource (MENU EYUSTARTMENU).
A CICS trace for COVA (WUI Tran) shows the QUERY SECURITY RESCLASS is returning CVDA 36 which is not readable.
Verify if Top Secret r16 Apars SO07159 and SO11115 are applied:
Once the fixes are applied, verify with your Top Secret administrator that the Top Secret parameter file contains the following:
FAC(name_of_cics_facility=BYPREM(TRANID=CPLT))
Note: This should be done for every CMAS facility.
A recycle of Top Secret is needed to pickup the change.
If the CICS region ACID has NORESCHK/NOLCFCHK, neither of these bypass attributes need to be removed nor does CPLT need to be permitted to the CICS region ACID. Just remove CPLT from the bypass list so the query security processing and a CMAS region can work ok.
To ensure the CMAS region is picking up both SO07159 and SO11115, STEPLIB to the Top Secret r16 CAKOLINK library in the CMAS started task.
If the CICS SIT option is set to XTRAN=NO, change it to XTRAN=YES.
Under CTS 5.5, IBM introduced a new call to process query security and a new xsrc plist. This now requires the call to go further into Top Secret security processing, which also requires the XTRAN=YES option to be set either in the CICS SIT or the CICS facility matrix in Top Secret.
To remove transaction COVA from the TRANID bypass list, use:
FAC(name_of_cics_facility=BYPREM(TRANID=COVA))
Note: This should be done for every CMAS facility.
Transaction CPLT (and/or COVA) can be added to the RESOURCE=TRANS BYPASS list and the QUERY SECURITY will still work. For example:
FAC(name_of_cics_facility=BYPADD(TRANS=CPLT))