INI records in TSSUTIL for DB2 privileged acids
search cancel

INI records in TSSUTIL for DB2 privileged acids

book

Article ID: 231354

calendar_today

Updated On:

Products

Top Secret

Issue/Introduction

TSSUTIL is showing a lot of INI records like this:

 

  DATE      TIME    SYSID ACCESSOR  JOBNAME   FACILITY  MODE  VC  PROGRAM   R-ACCESS A-ACCESS  SRC/DRC  SEC  JOBID   TERMINAL
--------  --------  ----- --------  --------  --------  ----  --  --------  -------- --------  -------  ---  ------- --------
10/08/20  01:10:12  aaaaa ACIDxxxx CICSyyyy  CICSTEST  FAIL      DFHKETCB  PSCHK=NO SIGNON      OK     INI  S126734

                    RESOURCE  TYPE & NAME :             NAME=USER ACID0001

 

The user ACIDxxxx is a standard DB2 -plan  -package owner and is an internal DB2 user so why are these records generated for this internal DB2 user in a CICS facility?

 

 

Environment

Release : 16.0

Component : Top Secret for z/OS

Cause

The LOG(INI) control option (Or LOG suboption in the facility)  logs all job/session initiations and terminations.

 

A SAFTRACE shows this record:

TRACEID: tracid   EVENT#:  01478356                                   
JOBNAME: CICSyyyy USERID:  ACIDxxxx ASID: asidnum                  
PROGRAM: DFHKETCB RB CURR: *IRB*    APF:  YES  SFR/RFR: N/A          
RACROUTE REQUEST=VERIFY,REQSTOR={=>}'reqstor',                         
        SUBSYS={=>}'subsys',RELEASE=1.9.2,STAT=ASIS,SMC=YES,      
        ACEE={=>,STRUCTURE,=>}00000000,ENVIR=CREATE,                 
        ENCRYPT=YES,INSTLN={STRUCTURE,=>,18C88944},LOC=ANY,          
        LOG=ASIS,MSGRTRN=YES,MSGSP=0,MSGSUPP=YES,PASSCHK=NO,         
        USERID={=>}'ACID0001',                                       
       WORKA={STRUCTURE SAFWORKA,=>,18C88A44}  

 

This SAF record means that there is a SAF call to logon the acid ACIDxxxx so the INI record is recorded in the ATF of TSS.

 

 

 

Resolution

When the DB2 interface issues a sign-on for a secondary AUTHID it is done under the address space that requested the data. 

So when a request comes into DB2 from a CICS address space, if a secondary AUTHID needs to be signed in, the sign-on is done under the facility that issued the initial request.

In this sample the CICS is running under facility CICSTEST . The logging option for facility CICSTEST is INIT .   So when the ACID is sign-on TSS will log the INI.  To stop the logging of INI remove the option from the facility.