Security error using OI from console interface in OPSLOG

book

Article ID: 205609

calendar_today

Updated On:

Products

CA OPS/MVS Event Management & Automation

Issue/Introduction

After installing v14, I get an error on my userid when trying to OI a script from OPSLOG that uses HWS.

/>OI REXXPGM

OPM3724T TSO  Sent CMD=OI REXXPGM

OPM3092H OI REXXPGM

TSS7250E 136 J=OPSBCPII A=tsouserid TYPE=IBMFAC RESOURCE=HWI.APPLNAME.HWISERV

OPBCP999E - ( OPIIRQL ) hwiquery failed - no SAF authority

OPM3092H HWS error : ADDRESSHWS - GETATTR failure - No SAF Authorization - RC 16 ; RSC X'00000F02'

OPM0997T *-* 26:Address "HWS" "GETATTR ATTR('"attr"') ENTITY("type"('"entity"'))",

OPM0997T +++     RC(16)

 

Cause

To close security vulnerabilities, the processing of OSF commands issued using the z/OS command prefix specified by the OSFCHAR parameter has been altered. When parameter OSFALLOW is set to YES, such commands that originate from any source other than an MCS console are secured using the credentials of the userid of that issuing unit of work. In prior releases of CA OPS/MVS, those commands are secured using the credentials of the userid specified by the OSFCONSOLE parameter.

Environment

Release : 14.0

Component : OPS/MVS

Resolution

The recommended solution is to give the proper authority in the external security package to the userid that is actually issuing the command. In this case, the TSO userid from where the command was originated.