After logging on successfully to z/OSMF, the following message is received when selecting an item for the workspace:

CWWKS9104A: Authorization failed for user xxxxxxx while invoking IzuManagementFacilityProvisioning on /js/zosmf/nls/taskBundle.js. The user is not granted access to any of the required roles: [izuUsers].

A similar message above is generated for each item selected.

Release : 16.0

Component : CA Top Secret for z/OS

The security trace showed an EJBROLE check for the following resource:

IZUDFLT.IzuManagementFacilityProvisioning.izuUsers            

The check was issued with LOG=NONE, which means do not log the event. This is why there isn’t an event in the TSSUTIL report nor a TSS message indicating access denied.

To allow access in this case:

TSS ADD(dept) EJBROLE(IZUDFLT.)    (if not already done)
TSS PERMIT(acid) EJBROLE(IZUDFLT.IzuManagementFacilityProvisioning.izuUsers)

Where
‘dept’ is the department ACID you want to own the resource
‘acid’ is the user’s ACID, an attached profile, or the ALL record if all users should have access.

Other EJBROLE resources that may be checked and need permits for are:

IZUDFLT.IzuManagementFacilityIncidentLog.izuUsers
IZUDFLT.IzuManagementFacilityImportUtility.izuUsers
IZUDFLT.IzuManagementFacilityISPF.izuUsers
IZUDFLT.IzuManagementFacilityWorkloadManagement.izuUsers
IZUDFLT.IzuManagementFacilitySoftwareDeployment.izuUsers