SYSVIEW is attempting to alter multiple CICS temporary storage structures
search cancel

SYSVIEW is attempting to alter multiple CICS temporary storage structures

book

Article ID: 208432

calendar_today

Updated On:

Products

SYSVIEW Performance Management

Issue/Introduction

SYSVIEW appears to be attempting to alter CICS Temporary Storage coupling facility structures after reporting a CICS region is short on storage.

 

 

Environment

Release : 15.0

Component : SYSVIEW

Cause

Looking at your SYSVIEW STC log...this error message can be seen multiple times:

ICH408I USER(CASYSVUS) GROUP(STC     ) NAME(CA-SYSVIEW USER STC ) 110
  IXLSTR.CUST_TSQ CL(FACILITY)
  INSUFFICIENT ACCESS AUTHORITY
  FROM IXLSTR.** (G)
  ACCESS INTENT(ALTER  )  ACCESS ALLOWED(NONE   )

Resolution

In order to obtain information from CICS Temporary Storage Queues SYSVIEW uses the IBM IXLCONN macro to access some information. In certain cases, 'ALTER' access to the information . Security must been changed to allow access accordingly.

In order to obtain the information from CICS , ALTER access is required.

Since SYSVIEW is a CICS monitor it needs to be able to function in as many circumstances as possible, even when CICS itself may be experiencing problems. Therefore SYSVIEW cannot afford to use CICS interfaces such as CEMT or even EXEC CICS to obtain information. 

If CICS was experiencing trouble these services may not work or being hanging, etc. which would render SYSVIEW ineffective to help identify the problem. SYSVIEW obtains data directly, by looking at CICS control blocks, etc., which does not require any CICS services.

SYSVIEW needs to actually read this structure in order to display information about the queues that live there. The IBM service IXLCONN that SYSVIEW uses to connect to the structure appears to require ALTER access to the structure, even though SYSVIEW will only ever be reading from it and never writing to it. SYSVIEW is not providing any parameters to the IXLCONN macro that would cause ALTER access.

This is why this authorization is required in the security software:

Class         : FACILITY
Resource  : IXLSTR.cf_structure_name
Authority  : ALTER
Notes        : none

Additional Information

Security Requirements for the SYSVIEW Main Address Space

The following SAF authorizations are required to define a new log stream:
Class     : FACILITY
Resource  : MVSADMIN.LOGR
Authority : ALTER
Notes     : Needed to define a log stream related
                Coupling Facility structure.

Class     : FACILITY
Resource  : MVSADMIN.XCF.CFRM
Authority : ALTER
Notes     : none

Class     : FACILITY
Resource  : IXLSTR.cf_structure_name
Authority : ALTER
Notes     : none

Class     : LOGSTRM
Resource  : log.stream.name
Authority : ALTER
Notes     : Needed to define a log stream or
            alter its characteristics.

Powered by Wolken Software