IBM Multi Factor Authentication MFA changes in AZFEXEC not being saved
Article ID: 225459
Updated On:
Products
ACF2 - z/OS
Issue/Introduction
AZFEXEC utility is not saving configuration data
the ACF2 provided R_factor callable service function 2, set general factor data, is not saving the MFA factor data when MFA performs the call.
Environment
Release : 16.0
Component : CA ACF2 for z/OS
Resolution
Define the AZFSTC Factor and Run the AZFEXEC Clist
The following steps are required to define the AZFSTC factor:
Define the AZFSTC factor record for the IBM MFA started task:
SET CONTROL(FACTOR) INSERT AZFSTC F ACF2,REFRESH(FAC),TYPE(FAC)
Authorize the administrator who executes the AZFEXEC clist.
When AZFEXEC is run, CA ACF2 reads and updates CONTROL(FACTOR) records in the CA ACF2 INFOSTG database.
SECURITY is needed on the logonid running AZFEXEC.
If the SECURITY logonid is scoped, it also requires read and update access to IRR.RFACTOR.MFADEF.- in the FACILITY class.
When AZFEXEC is run, CA ACF2 reads and updates CONTROL(FACTOR) records in the CA ACF2 INFOSTG database.
SECURITY is needed on the logonid running AZFEXEC.
If the SECURITY logonid is scoped, it also requires read and update access to IRR.RFACTOR.MFADEF.- in the FACILITY class.
SET RESOURCE(FAC)
RECKEY IRR ADD(RFACTOR.MFADEF.- UID(azfadministrator_uid) SERVICE(READ, UPDATE) ALLOW)
RECKEY IRR ADD(RFACTOR.MFADEF.- UID(azfadministrator_uid) SERVICE(READ, UPDATE) ALLOW)
Feedback
Yes
No
Powered by
