ACF2 - CAS2312E Access Denial messages on new release of Websphere

book

Article ID: 211309

calendar_today

Updated On:

Products

CA ACF2 - z/OS CA ACF2

Issue/Introduction

During initial startup of a new version of WebShpere STC, observe multiple errors :
 CAS2312E - Update Access Denied and Alter Access Denied    .... messages from the Unix file system servant process.  

Current HFS resource rules allows the owner of the STC  and updated the keys to allow access. 
The OMVS segments and LIDS were validated as correct, but the access denied messages persist on startup.  

 

Cause

Rules for the specific SYSID where the new release of WebSphere is running needed modification.

Environment

Release : 16.0
Component : CA ACF2 for z/OS

Resolution

- Review the ACFRPTRV report to identify the offending rule-set (ROLE or Rule)

Updating the rule-set may be required, identifying the proper ROLE or Rule that will need modification to accommodate STC {user-id}  for HFS file access that is 
missing as per the RV report. 

It is possible that a specific rule-set is missing for the SYSID in consideration.

If file authentication failure appears to be on a specific Lpar, .
Recommend that the rule-set update should be targeted for this specific LPAR / SYSID.

The process to authenticate file access when ACF2 is activated in a unix environment, requires valid ACF2 resource rules for file authentication. 
The presence of UID(0) is not valid for 'file authentication'.