search cancel

ACF2 GENREQ or GENCERT command gets CAS20EDE Operation xxxxxxxx cannot be performed

book

Article ID: 239546

calendar_today

Updated On:

Products

ACF2

Issue/Introduction

Extract certificate for renewal with the ACF2 GENREQ command getting:
CAS20EDE Operation GENREQ cannot be performed - User is not defined as OMVS user.

GENCERT of a certificate getting:
CAS20EDE Operation GENCERT cannot be performed - User is not defined as OMVS user

 

Environment

Release : 12.0

Component : ACF2 for z/OS

Resolution

UID(0) is not required for the GENCERT command. In order to issue the GENCERT command the logonid that is issuing the command must be defined to OMVS(in add which means that the logonid must have a UID and GID assigned. With ACF2 UID and GID are assigned by ACF2 USER Profile records. UIDs and GIDs can be auto-assigned however this is optional and must be configured. Also note that in order to issue the GENCERT command the logonid needs security authorization by either having SECURITY, Scoped SECURITY or access to the ACFCMD.DIGTCERT.command resource rules in the CASECAUT class.

The following can be done to determine if the logonid is defined to OMVS.

Can you please issue the following commands for the logonid that is issuing the GENCERT command?

For the following commands testlid is the logonid that is issuing the GENCERT command.

ACF
LIST testlid PROFILE(OMVS)
LIST testlid

From the display of the second LIST command above look for the 'RESTRICTIONS' section

RESTRICTIONS         GROUP(TESTGRP) PREFIX(USER001)

Note the GROUP field, in the above group TESTGRP.

Next issue the following commands to check the GROUP:

ACF
SET PROFILE(GROUP) DIV(OMVS) 
LIST TESTGRP

To address the error ensure that the logonid issuing the command has an OMVS User Profile record defined with a UID and the GROUP field on the logonid that has a GID defined.