search cancel

View - View is not respecting profiles in RACF WARN mode

book

Article ID: 228751

calendar_today

Updated On:

Products

View

Issue/Introduction

Our RACF security engineer has turned on RACF WARN mode for CA-View, and he's reporting that CA-View is not respecting the profiles in WARN mode.

Below is a screen print of what CA-View is doing, in returning a RC=-.20.0:

FUNC=CPLFBRS ACCESS=READ CLASS=CHA1VIEW ENTITY=VIEW.REPT.#DLYCAT

ICH408I USER(A032    ) GROUP(IT$SENG ) NAME(BURK, DANIEL        )

  VIEW.REPT.#DLYCAT CL(CHA1VIEW)

  WARNING: INSUFFICIENT AUTHORITY - TEMPORARY ACCESS ALLOWED

  FROM VIEW.REPT.** (G)

  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )

FUNC=CPLFVACC ACCESS=READ CLASS=CHA1VIEW ENTITY=VIEW.VIEW.000.P.#DLYCAT

SARATH92  Authorization failed A032 under ISPF RC=0.20.0

SARATH92  CLASS=CHA1VIEW ENTITY=VIEW.VIEW.000.P.#DLYCAT

 

Environment

Release : 14.0

Component : View

Resolution

It was found:

 . Removing STATUS=ACCESS will resolve the issue. 

 . That there was not a need to check for the highest access.  Just check for access and base findings in return code “0” for successful or “8” for failure. 

 . RACF will automatically take into account if the profile is in WARNING mode.