TSS7257E Security violation for CECI QUERY SECURITY command
search cancel

TSS7257E Security violation for CECI QUERY SECURITY command

book

Article ID: 198650

calendar_today

Updated On:

Products

Top Secret Top Secret - LDAP WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

Issuing a:

CECI QUERY SECURITY RESTYPE('TRANSATTACH') RESID('CEMT')

The following message briefly appears on the screen:

TSS7257E Unauthorized Access Level for OTRAN <CEMT>

The message goes away and then the output of the QUERY command is displayed successfully.

If the command is issued multiple times, it suspends the users userid but a violation report shows no violations occurred. 

If the NOLOG option is added to the command, the issue does not occur. 

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

Reviewed a  Top Secret DIAGTRAP dump for the security violation.

'CECI QUERY SECURITY RESTYPE('TRANSATTACH') RESID('CEMT')'.

4 security calls for ACCESS READ, UPDATE, CONTROL and UPDATE are made for the CECI QUERY.

If user is only authorized to OTRAN(CEMT) with ACCESS(READ), then the other 3 security calls will receive the
TSS7257E security violation message and the response will be:

QUERY SECURITY RESTYPE('TRANSATTACH') RESID('CEMT')
STATUS: COMMAND EXECUTION COMPLETE NAME=
EXEC CICS Query Security
( RESType( 'TRANSATTACH ' ) | RESClass() RESIDLength() )
RESID( 'CEMT ' ... )
< LOGMessage() | LOG | Nolog >
< REAd( +0000000035 ) > <- READABLE
< Update( +0000000038 ) > <- NOT UPDATEBLE
< Control( +0000000057 ) > <- NOT CTRLABLE
< Alter( +0000000053 ) > <- NOT ALTERABLE

RESPONSE: NORMAL EIBRESP=+0000000000 EIBRESP2=+0000000000

Product is working as designed.

Specifying NOLOG on the CECI QUERY SECURITY will suppress the TSS7257E message and the correct response codes will be received from CICS.

Powered by Wolken Software