EYUXL0158E or EYUXL0159E error when upgrading from CICS TS 5.3 to 5.5
search cancel

EYUXL0158E or EYUXL0159E error when upgrading from CICS TS 5.3 to 5.5

book

Article ID: 187886

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

When upgrading from CICS TS 5.3 to 5.5, you tried to bring up CMAS tasks which crashed with the following error:

EYUXL0158E TCHACMAS Security profile for TRANSATTACH BMLT is incorrect: READ=NOTREADABLE

Another possible symptom is:

User (acid) not authorized for required access (READ) for resource (MENU EYUSTARTMENU). 

A CICS trace for COVA (WUI Tran) shows the QUERY SECURITY RESCLASS is returning CVDA 36 which is not readable.



 

Environment

  • Release : 16.0
  • Component : CA Top Secret for z/OS

Resolution

Verify if Top Secret r16 Apars SO07159 and SO11115 are applied:

  • SO07159: CICS TS 5.5 EXEC CICS QUERY SECURITY CALL FAILS
  • SO11115: CICS TS 5.5 EXEC CICS QUERY SECURITY CALL FAILS

Once the fixes are applied, verify with your Top Secret administrator that the Top Secret parameter file contains the following:

FAC(name_of_cics_facility=BYPREM(TRANID=CPLT))

Note: This should be done for every CMAS facility.

A recycle of Top Secret is needed to pickup the change.

If the CICS region ACID has NORESCHK/NOLCFCHK, neither of these bypass attributes need to be removed nor does CPLT need to be permitted to the CICS region ACID. Just remove CPLT from the bypass list so the query security processing and a CMAS region can work ok.

To ensure the CMAS region is picking up both SO07159 and SO11115, STEPLIB to the Top Secret r16 CAKOLINK library in the CMAS started task.

If the CICS SIT option is set to XTRAN=NO, change it to XTRAN=YES.

Under CTS 5.5, IBM introduced a new call to process query security and a new xsrc plist. This now requires the call to go further into Top Secret security processing, which also requires the XTRAN=YES option to be set either in the CICS SIT or the CICS facility matrix in Top Secret.

To remove transaction COVA from the TRANID bypass list, use:

FAC(name_of_cics_facility=BYPREM(TRANID=COVA))

Note: This should be done for every CMAS facility.

Transaction CPLT (and/or COVA) can be added to the RESOURCE=TRANS BYPASS list and the QUERY SECURITY will still work. For example:

FAC(name_of_cics_facility=BYPADD(TRANS=CPLT))
Powered by Wolken Software