search cancel

Security Insights - R_datalib Failed - Not authorized to use this service

book

Article ID: 201169

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC LDAP SERVER FOR Z/OS PAM CLIENT FOR LINUX ON MAINFRAME WEB ADMINISTRATOR FOR TOP SECRET

Issue/Introduction

When attempting to bring up SI, on an ACF2 system, the following message appears:

ZWEAM400E Error initializing SSL Context: 'R_datalib (IRRSDL00) error: not RACF authorized to use the requested service (8, 8, 8)' 

 

The Unix report against the SMF type 230 records I get the following:

R_datalib        SISRVR   SIGROUP            0           0   8      8      8   
10/08/20  20.282    9.34.11 SIZSRVRU          ****     OPS                     
Failed - Not authorized to use this service                                    
                                                                               
R_datalib        SISRVR   SIGROUP            0           0   8      8     36   
10/08/20  20.282    9.34.11 SIZSRVRU          ****     OPS                     
Failed - dbToken error.

Environment

Release : 16.0

Component : CA ACF2 for z/OS

Resolution

Acf2 requires that the user must have IRR.DIGTCERT.LISTRING resource READ access in the FACILITY class when using a KEYRING owned by that user.

Additional Information

Example to grant SISRVR access to the keyring:

SET RESOURCE (FAC)

RECKEY IRR.DIGTCERT.LISTRING add(UID(SISRVR) SERVICE(READ) ALLOW)

https://techdocs.broadcom.com/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/administrating/administer-records/user-profile-records/keyring-profile-data-records.html