Using Sailpoint IIQ connector on an ACF2 system, no logon stats are being updated for the ids used by Sailpoint.
Article ID: 192005
Updated On:
Products
ACF2
ACF2 - z/OS
ACF2 - MISC
Issue/Introduction
The Sailpoint IIQ connector is installed on the mainframe.
There is a connector started task that communicates with the server that spawns other started tasks for doing work.
With the spawned started task (CTSACS) when ids are created/modified, it utilizes an id with ACCOUNT and SECURITY on an ACF2 system.
This logonid does not get updated with stats (like acc-cnt or acc-date).
This could cause the ids be deleted do to inactivity.
There is a connector started task that communicates with the server that spawns other started tasks for doing work.
With the spawned started task (CTSACS) when ids are created/modified, it utilizes an id with ACCOUNT and SECURITY on an ACF2 system.
This logonid does not get updated with stats (like acc-cnt or acc-date).
This could cause the ids be deleted do to inactivity.
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
Sailpoint has created a fix, FSD0102. Here are the details from Sailpoint:
"When verifying the MS administrator, the user has the option of requesting the site's security product to update the logon statistics, e.g., logon date and time. The new RSSPARM parameter is UPDATE_LOGON_STATS. When UPDATE_LOGON_STATS is set to Y, the site's security product updates the logon statistics when verifying the MS administrator. When UPDATE_LOGON_STATS is set to N or not present in the RSSPARM member, the site's security product does not update the logon statistics when verifying the MS administrator.
In addition, we issue a RACROUTE REQUEST=VERIFY with STAT=NO (do not update statistics) or STAT=ASIS (do update statistics) – depending on the RSSPARM UPDATE_LOGON_STATS parameter setting. These are all standard interfaces. We do not issue any SVC call and we do not bypass normal security processing."
Contact Sailpoint Support for more information.
"When verifying the MS administrator, the user has the option of requesting the site's security product to update the logon statistics, e.g., logon date and time. The new RSSPARM parameter is UPDATE_LOGON_STATS. When UPDATE_LOGON_STATS is set to Y, the site's security product updates the logon statistics when verifying the MS administrator. When UPDATE_LOGON_STATS is set to N or not present in the RSSPARM member, the site's security product does not update the logon statistics when verifying the MS administrator.
In addition, we issue a RACROUTE REQUEST=VERIFY with STAT=NO (do not update statistics) or STAT=ASIS (do update statistics) – depending on the RSSPARM UPDATE_LOGON_STATS parameter setting. These are all standard interfaces. We do not issue any SVC call and we do not bypass normal security processing."
Contact Sailpoint Support for more information.
Feedback
Yes
No
Powered by
