I installed XCOM maintenance and am now getting a TSS7251E error message on a few jobs. I tried to send a file from my sandbox system to a prod system and am getting the same error.
TSS7250E 136 J=ISIG062X A=acid TYPE=IBMFAC RESOURCE=XCOM.XCOM.IP.xxxxx.xxxxx.xxx
TSS7251E Access Denied to IBMFAC <XCOM.XCOM.IP.xxxxx.xxxxx.xxx.SEND.L>
TSS7250E 136 J=ISIG062X A=acid TYPE=IBMFA RESOURCE=XCOM.XCOM.IP.xxxxx.xxxxx.xxx.SEND.L
I then backed out the maintenance on my sandbox system and tried to do the send again and it works. What maintenance caused this and is there a way around this? The maintenance that was applied was:
LU00362, LU00456, LU00503, LU00522, LU00578, LU00599, LU00709, LU00874, LU01142, SO08497, SO08534, SO08911, SO09175, SO09365, SO10357, SO10489, SO10568, SO10650, SO10674, SO10681, SO10780, SO10899, SO10939, SO11032, SO11202, SO11229, SO11612, SO11793, SO12302, SO12331, SO12699, SO12770, SO12772, SO12952, SO13073, SO13208, SO13247, SO13287, SO13429, SO13524, SO13599, SO13614, SO13797, SO13806, SO13946, SO13971, SO13980, SO14571, SO14821, SO14959, SO15002, SO15120, SO15134, SO15319, SO15503, SO15788, SO15794, SO15844, SO15849, SO15932, SO15969, SO15981, SO16100
Release : 12.0
Component : CA XCOM Data Transport for z/OS
The cause of the Top Secret messages was related to the userid not having the proper authorization. The maintenance applied does have several fixes that address security problems.
The userid used for the transfer be it, a define XCOM trusted userid or non XCOM trusted userid, will need to have the proper authorization to access whatever resource that it will use. In this case, the userid will require to have the proper access to the LUSECURE resource name for the requested transfer, since LUSECURE=YES had been specified in the CONFIG member.
The one fix that was applied, LU00456, is the one providing you with the Top Secret security violations. The fix does correct a security problem related to LUSECURE where SAF errors are not being handled properly.
The alternative would be to set LUSECURE=NO.