After XCOM maintenance getting TSS errors
search cancel

After XCOM maintenance getting TSS errors

book

Article ID: 218778

calendar_today

Updated On:

Products

XCOM Data Transport - z/OS

Issue/Introduction

I installed XCOM maintenance and am now getting a TSS7251E error message on a few jobs.   I tried to send a file from my sandbox system to a prod system and am getting the same error. 

TSS7250E 136 J=ISIG062X A=acid TYPE=IBMFAC RESOURCE=XCOM.XCOM.IP.xxxxx.xxxxx.xxx
TSS7251E Access Denied to IBMFAC <XCOM.XCOM.IP.xxxxx.xxxxx.xxx.SEND.L>           
TSS7250E 136 J=ISIG062X A=acid TYPE=IBMFA  RESOURCE=XCOM.XCOM.IP.xxxxx.xxxxx.xxx.SEND.L            

I then backed out the maintenance on my sandbox system and tried to do the send again and it works.  What maintenance caused this and is there a way around this?    The maintenance that was applied was:     

LU00362, LU00456, LU00503, LU00522, LU00578, LU00599, LU00709,  LU00874, LU01142, SO08497, SO08534, SO08911, SO09175, SO09365, SO10357, SO10489, SO10568, SO10650, SO10674, SO10681, SO10780, SO10899, SO10939, SO11032, SO11202, SO11229, SO11612, SO11793, SO12302, SO12331, SO12699, SO12770, SO12772, SO12952, SO13073, SO13208, SO13247, SO13287, SO13429,  SO13524, SO13599, SO13614, SO13797, SO13806, SO13946, SO13971, SO13980, SO14571, SO14821, SO14959, SO15002, SO15120, SO15134, SO15319, SO15503, SO15788, SO15794, SO15844, SO15849, SO15932, SO15969, SO15981, SO16100         


                                                                                                                                                                                                                  

 

Environment

Release : 12.0

Component : CA XCOM Data Transport for z/OS

Cause

The cause of the Top Secret messages was related to the userid not having the proper authorization. The maintenance applied does have several fixes that address security problems.

Resolution

The userid used for the transfer be it, a define XCOM trusted userid or non XCOM trusted userid, will need to have the proper authorization to access whatever resource that it will use. In this case, the userid will require to have the proper access to the LUSECURE resource name for the requested transfer, since LUSECURE=YES had been specified in the CONFIG member.

The one fix that was applied, LU00456, is the one providing you with the Top Secret security violations. The fix does correct a security problem related to LUSECURE where SAF errors are not being handled properly.

The alternative would be to set LUSECURE=NO.

Powered by Wolken Software