CWWKS9104A With z/OSMF And Top Secret

book

Article ID: 225411

calendar_today

Updated On:

Products

CA Top Secret

Issue/Introduction

After logging on successfully to z/OSMF, the following message is received when selecting an item for the workspace:

CWWKS9104A: Authorization failed for user xxxxxxx while invoking IzuManagementFacilityProvisioning on /js/zosmf/nls/taskBundle.js. The user is not granted access to any of the required roles: [izuUsers].

A similar message above is generated for each item selected.

Environment

Release : 16.0

Component : CA Top Secret for z/OS

Resolution

The security trace showed an EJBROLE check for the following resource:

IZUDFLT.IzuManagementFacilityProvisioning.izuUsers            

The check was issued with LOG=NONE, which means do not log the event. This is why there isn’t an event in the TSSUTIL report nor a TSS message indicating access denied.

To allow access in this case:

TSS ADD(dept) EJBROLE(IZUDFLT.)    (if not already done)
TSS PERMIT(acid) EJBROLE(IZUDFLT.IzuManagementFacilityProvisioning.izuUsers)

Where
‘dept’ is the department ACID you want to own the resource
‘acid’ is the user’s ACID, an attached profile, or the ALL record if all users should have access.

Other EJBROLE resources that may be checked and need permits for are:

IZUDFLT.IzuManagementFacilityIncidentLog.izuUsers
IZUDFLT.IzuManagementFacilityImportUtility.izuUsers
IZUDFLT.IzuManagementFacilityISPF.izuUsers
IZUDFLT.IzuManagementFacilityWorkloadManagement.izuUsers
IZUDFLT.IzuManagementFacilitySoftwareDeployment.izuUsers