After implementing Datacom external security, CA 7 fails at startup with the following message:

DUMP TITLE=CA 7 Unexpected Datacom Return Code                                                                   
  L2PDR01E DBTSK001 SCTNAME=SASSCHED                                                                        
  CMD=RDUKX RC=15(139)  TBL=ZRO KEYN=ZROK1

Release : 12.0, 12.1

Security definitions not defined.

The user id assigned to the CA 7 started task does not have the required access to the  CA7ONL. This id need access to the following recourses. See sample security members from the CAL2OPTN data set (AL2RACFD, AL2ACF2D,AL2TSSD)

For RACF (AL2RACFD)

* DC@ABLE controls access to the Datacom tables used   
* by CA 7 and SQL (see prodhlq.CAL2SQL). DB00002 and   
* DB00015 contain Datacom data dictionary information. 
* DB01000 is used by CA 7 to access Datacom system     
* tables. PERMITs further down will allow access.      
*                                                      
RDEFINE DC@ABLE cxxname.DB00002.* UACC(NONE)           
RDEFINE DC@ABLE cxxname.DB00015.* UACC(NONE)           
RDEFINE DC@ABLE cxxname.DB00770.* UACC(NONE)           
RDEFINE DC@ABLE cxxname.DB01000.* UACC(NONE)           

*  Set CA 7's access                                         
*                                                            
PERMIT cxxname.DB00770.* CLASS(DC@ABLE) ID(CA7STC) ACC(ALTER)
PERMIT cxxname.DB01000.* CLASS(DC@ABLE) ID(CA7STC) ACC(READ) 

For Top Secret (AL2TSSD)

TSS PER(ca7xxx) DCTABLE(cxxname.DB00770.) ACCESS(ALL) 
TSS PER(ca7xxx) DCTABLE(cxxname.DB01000.) ACCESS(READ)

For ACF2 (AL2ACF2D)

SET RESOURCE(DCT)                                                              
RECKEY cxxname ADD(DB00770.- UID(ca7uid) SERVICE(READ,ADD,DELETE,UPDATE) ALLOW)
RECKEY cxxname ADD(DB01000.- UID(ca7uid) SERVICE(READ) ALLOW)      

After security update has been completed,  update the security changes to the CA7 Datacom MUF by issuing the modify command:

F ca7muf,SECURITY RESET