search cancel

Started task receives ACF2 mesage ACF01100 NOT AUTHORIZED FOR GROUP STCGROUP at startup

book

Article ID: 188599

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

New started task ESMPROC (CCS USS task for Security Micro Service) is failing at startup with following error:

S ESMPROC                                                   
ACF01100 NOT AUTHORIZED FOR GROUP STCGROUP                  
Userid for task is defined as:

l esmserv                                                                                                                    
  ESMSERV              99OSMVSESMESMSERV  ESM MICROSERVICE                                                                   
                       APPL(ESM) DEPT(MVS) DIV(OS) ORG(99)                                                                   
  PRIVILEGES           STC                                                                                                   
  ACCESS               ACC-CNT(0) ACC-DATE(00/00/00) ACC-TIME(00:00)                                                         
  PASSWORD             KERB-VIO(0) KERBCURV() PSWA1TOD(00/00/00-00:00) PSWA2TOD(00/00/00-00:00) PSWD-DAT(00/00/00) PSWD-INV(0)
                       PSWD-TOD(00/00/00-00:00) PSWDCVIO(0) PWP-DATE(00/00/00) PWP-VIO(0)                                    
  TSO                  DFT-PFX(ESMSERV)                                                                                      
  STATISTICS           CRE-TOD(01/12/20-14:48) SEC-VIO(0) UPD-TOD(02/03/20-10:25)                                            
  RESTRICTIONS         GROUP(OMVSGRP) PREFIX(ESMSERV)                                                                        
 ACF                                                                                                                         

UID is in STC table:

sh stc                        
 -- STARTED TASK TABLE --     
                              
  STCID     LOGONID   GROUP   
  ========  ========  ======= 
                              
  DFS*****  DFS               
  ESMPROC   ESMSERV   STCGROUP

What is missing?

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

1. The userid is not allowed access to group STCGROUP... Change the logonid to be in group STCGROUP instead of OMVSGRP

2) The STC record entry specifies GROUP(STCGROUP)... change the STC record to match the group in the logonid record GROUP(OMVSGRP)

3) If you want the logonid and STC records to remain asis.... Write a resource rule of TYPE(TGR) and KEY(STCGROUP) and give logonid ESMSERV access.

Any of these solutions will resolve the problem.