"DROP connection process failed RACF authorization checking" Error With NETSTAT DROP In z/OS 1.12
search cancel

"DROP connection process failed RACF authorization checking" Error With NETSTAT DROP In z/OS 1.12

book

Article ID: 21873

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

With z/OS 1.12, the NETSTAT DROP command appears to be protected because the following RACF error is received with this command:

DROP connection process failed RACF authorization checking
+++ RC(-1) +++

Solution:

The following CA Top Secret administration is needed to allow the access:

TSS ADD(dept) OPERCMDS(MVS.VARY) (if not already done)
TSS PER(ALL) OPERCMDS(MVS.VARY) ACTION(PASSWORD,FAIL)

(This will cause TSS to pass back a RC of 04 on the security call, similar to if the resource was unowned. This will prevent other commands from failing when OPERCMDS(MVS.VARY) is owned.)

TSS PER(acid) OPERCMDS(MVS.VARY.TCPIP.DROP) ACC(CONTROL) for the users that need access to the NETSTAT DROP command.

Environment

Release:
Component: AWAGNT
Powered by Wolken Software