TSS0384E RESOURCE NOT FOUND IN SECURITY RECORD in Top Secret

Article ID: 197998

Products

CA Top Secret, CA Top Secret - LDAP, CA Web Administrator for Top Secret

Issue/Introduction

The following LOGSTRM resources cannot be revoked from the profile:

XA LOGSTRM = CICSLOG*.*.DFHJ15  
   ACCESS  = ALL                
XA LOGSTRM = CICSLOG*.*.DFHLOG  
   ACCESS  = ALL                
XA LOGSTRM = CICSLOG*.*.DFHSHUNT
   ACCESS  = ALL              


TSS REV(3-SPCICS)LOGSTRM(CICSLOG*.*.DFHJ15)ACC(ALL)  

The messages are:

TSS0384E  RESOURCE NOT FOUND IN SECURITY RECORD      
TSS0301I  REVOKE   FUNCTION FAILED, RETURN CODE =  8

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

  • The 'TSS PERM(3-SPCICS) LOGSTRM(CICSLOG*.*.DFHJ15)' command was issued when the class was ATTR=NOMASK.
  • ATTR=NOMASK was then changed to ATTR=MASKABLE, and 'TSS REVO(3-SPCICS) LOGSTRM(CICSLOG*.*.DFHJ15)' was issued.

This returns the following error message:

TSS0384E RESOURCE NOT FOUND IN SECURITY RECORD

*The error message is returned because the procedure to change from NOMASK to MASK was not followed.*


The procedure to change a resource class from NOMASK to MASK in the RDT is as follows:

1) Revoke ALL permits in the resource class. (Issue TSS WHOOWNS *resource*(*) to see all ownerships and then TSS WHOHAS *resource*(xxxx) for each 'xxxx' that shows up in the WHOHAS output. Save the WHOOWNS and WHOHAS output.) TSS REVOKE(acid) *resource*(xxxx)

2) Remove ALL ownerships in the resource class. TSS REMOVE(dept) *resource*(xxxx) for each 'xxxx' that shows up in the TSS WHOOWNS *resource*(*) output in step 1.

3) If SECCACHE is not active, skip to step 4. If SECCACHE is active, SECCACHE must be turned off before changing NOMASK to MASK in the RDT:

a. Find the SECCACHE control option in your TSS parameter file. Note the settings for when SECCACHE is reactivated. 

b. To turn off SECCACHE, issue: TSS MODIFY SECCACHE(OFF)

c. Change the RDT entry to maskable: TSS REPLACE(RDT) RESCLASS(resclass) ATTR(MASK)

d. To reactivate SECCACHE, issue: TSS MODIFY SECCACHE(SIZE=xxxx,INDEX=xxxxx,EXP=x,WARN=xx) where the values for the parameters match what you have in the TSS parameter file. 

e. Skip to step 5 since step 4 was done in step 3c. 

NOTE: The TSS REVOKE and TSS REMOVE commands done before changing NOMASK to MASK and the TSS ADDs and TSS PERMITs after changing NOMASK to MASK can be done with either SECCACHE active or turned off. 

4) Change *resource* from NOMASK to MASK. TSS REPLACE(RDT) RESCLASS(*resource*) ATTR(MASK) 

5) Re-ADD all the ownerships that were removed in step 2. TSS ADD(dept) *resource*(xxxx) for each 'xxxx' that shows up in the TSS WHOOWNS *resource*(*) output in step 1. 

6) Redo all the permits that were revoked in step 1. Be sure to include the ACCESS and any other restrictions (i.e. DATE, TIMES, etc.) that were on the old permits.

 

NOTE: Substitute the resource class that applies for *resource* in the commands above.
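
The following Python script is an added example, not part of the original article or of any CA/Broadcom tooling. It parses saved permit listings in the `XA ... / ACCESS = ...` layout shown above and emits the commands of steps 1 to 6 in the required order, so every REVOKE is issued while the class is still NOMASK. Assumptions: the listing layout matches the excerpt in this article, ownerships are supplied by hand from the saved WHOOWNS output, and the `CICSDEPT`/`CICSLOG` ownership is a hypothetical placeholder.

```python
import re

# Constructed sample, in the listing layout the article shows for profile 3-SPCICS.
SAMPLE = """\
XA LOGSTRM = CICSLOG*.*.DFHJ15
   ACCESS  = ALL
XA LOGSTRM = CICSLOG*.*.DFHLOG
   ACCESS  = ALL
XA LOGSTRM = CICSLOG*.*.DFHSHUNT
   ACCESS  = ALL
"""
XA = re.compile(r"^XA\s+(\S+)\s*=\s*(\S+)\s*$")
ATTR = re.compile(r"^\s+(\S+)\s*=\s*(.+?)\s*$")

def parse_permits(listing):
    """Return [{'class', 'name', 'attrs'}] for each XA entry in a saved listing."""
    permits = []
    for line in listing.splitlines():
        if m := XA.match(line):
            permits.append({"class": m[1], "name": m[2], "attrs": {}})
        elif permits and (m := ATTR.match(line)):
            permits[-1]["attrs"][m[1]] = m[2]
    return permits

def build_plan(resclass, listings, owners, seccache=None):
    """Emit the commands of steps 1-6 in order.
    listings: {acid: saved listing text}; owners: [(dept, name)] from WHOOWNS;
    seccache: parameter-file settings string, or None when SECCACHE is inactive."""
    grants = [(acid, p) for acid, text in listings.items()
              for p in parse_permits(text) if p["class"] == resclass]
    # Only ACCESS is regenerated; anything else must be re-entered by hand (step 6).
    manual = [(a, p["name"]) for a, p in grants if set(p["attrs"]) - {"ACCESS"}]
    if manual:
        raise ValueError(f"permits with extra restrictions, redo manually: {manual}")
    plan = [f"TSS REVOKE({a}) {resclass}({p['name']})" for a, p in grants]
    plan += [f"TSS REMOVE({d}) {resclass}({n})" for d, n in owners]
    if seccache:
        plan.append("TSS MODIFY SECCACHE(OFF)")
    plan.append(f"TSS REPLACE(RDT) RESCLASS({resclass}) ATTR(MASK)")
    if seccache:
        plan.append(f"TSS MODIFY SECCACHE({seccache})")
    plan += [f"TSS ADD({d}) {resclass}({n})" for d, n in owners]
    for a, p in grants:
        access = p["attrs"].get("ACCESS")
        plan.append(f"TSS PERMIT({a}) {resclass}({p['name']})"
                    + (f" ACCESS({access})" if access else ""))
    return plan

if __name__ == "__main__":
    # CICSDEPT / CICSLOG ownership is a hypothetical stand-in for real WHOOWNS output.
    print("\n".join(build_plan("LOGSTRM", {"3-SPCICS": SAMPLE}, [("CICSDEPT", "CICSLOG")])))
```

Review the generated list against the saved WHOOWNS and WHOHAS output before submitting any of it.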