EWSMSG08 ACCESS DENIED FOR OBJECT=DTOC4SYS
search cancel

EWSMSG08 ACCESS DENIED FOR OBJECT=DTOC4SYS

book

Article ID: 218096

calendar_today

Updated On:

Products

Vantage Storage Resource Manager

Issue/Introduction

Recently installed the new ca-vantage and I'm getting the following message when i try to execute a script

Ewsmsg08 access denied for object=dtoc4sys 

VKG0134I Access Denied for Object=DUPEDSNS

Environment

Release : 14.0

Component : CA Vantage Storage Resource Manager

Resolution

In the past, we have seen the same problem if the user didn't have READ access to 

SYSSSM.FUNC.I.

" Vantage SRM allows you to define user access rules to the CA Vantage SRM objects themselves. CA Vantage SRM uses SAF to check for object access rules every time an end-user selects an object from one of the client interfaces, rejecting access whenever appropriate."

 

Here a link for your security team.

Security

'Grant Users Access to Objects' in the Reference Guide - Security .

 

Grant Users Access to Objects

When you activate the security support, CA Vantage SRM can control who logs on, what objects they can access, and allow them to perform actions upon the objects while maintaining a secure environment. It does this by using the IBM SAF interface, upon which nearly all security systems are built, including CA ACF2, RACF, and CA Top Secret. If you do not activate the security support, anyone can logon, compromising security, but CA Vantage SRM automatically limits the product to its viewing functions only, in such cases users cannot perform any actions on what they view.

When security support is activated, CA Vantage SRM requires all users to provide their logon IDs and passwords at logon time, and immediately passes them to your security system. As usual, unknown users or invalid passwords cause your security system to reject the logon request.

In addition to this logon check, CA Vantage SRM allows you to define user access rules to the CA Vantage SRM objects themselves. CA Vantage SRM uses SAF to check for object access rules every time an end user selects an object from one of the client interfaces, rejecting access whenever appropriate.

Do not activate support for security checking until you have defined the object access rules as described in the following section.

 

Powered by Wolken Software