IBMFAC(STGADMIN) Permits in Top Secret
Article ID: 240483
Updated On:
Products
Issue/Introduction
After bringing up the system in DR mode - it seems that rules to restrict certain STGADMIN facilities are no longer working.
Jobs are failing as follows:
DEFINE CLUSTER -
(NAME(PCBB.CHE9227.FUNDXFR2.ONLIV) NONINDEXED) -
DATA -
(NAME(PCBB.CHE9227.FUNDXFR2.ONLIV.DATA) -
RECORDSIZE(1500 1500) -
FREESPACE(40 40) -
CONTROLINTERVALSIZE(4096) -
BUFFERSPACE(16384) -
CYLINDER(100 50) -
SHAREOPTIONS(2,3) -
NONSPANNED REUSE UNORDERED NOWRITECHECK NOERASE -
SPEED)
IGD17151I ALLOCATION FAILED FOR DATA SET
PCBB.CHE9227.FUNDXFR2.ONLIV BECAUSE A KEY LABEL IS
SPECIFIED FOR AN UNSUPPORTED DATA SET TYPE.
My online test via TSO returns the following:
DATA SET SYSX.TESTNE.V9 NOT ALLOCATED+
IGD17157I DSNTYPE BASIC IS NOT A SUPPORTED DATA SET TYPE FOR ENCRYPTION
BECAUSE STGADMIN.SMS.ALLOW.DATASET.SEQ.ENCRYPT IS NOT DEFINED
IGD17151I ALLOCATION FAILED FOR DATA SET
SYSX.TESTNE.V9 BECAUSE A KEY LABEL IS
SPECIFIED FOR AN UNSUPPORTED DATA SET TYPE.
The ID used above has explicit ACCESS(NONE) -
XA IBMFAC = STGADMIN.SMS.ALLOW.DATASET.ENCRYPT OWNER(OWNDEPT1)
ACCESS = NONE
XA IBMFAC = STGADMIN.SMS.ALLOW.DATASET.SEQ.ENCRYPT OWNER(OWNDEPT1)
ACCESS = NONE
XA IBMFAC = STGADMIN.SMS.ALLOW.PDSE.ENCRYPT OWNER(OWNDEPT1)
ACCESS = NONE
XA IBMFAC = STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC OWNER(OWNDEPT1)
ACCESS = NONE
Works fine in production, but not DR.
Environment
Release :
Component :
Resolution
The following trace record was found:
X TSS-F-0897 FDTO001 FDTO001S B IBMFAC 4000 G/0000002500,0220000000 L/908002 F/04000F60,000900,8001,000000
X TSS-1 400000000000 00000000 T/0000000000 STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC
X TSS-2 820000 R/128800 S/100182,0A0020000000 INTRDR A/190080 P/IEFIIC ,B512, ,IEESB605 F/80C00000
X TSS-4 02000000 008CFBA0 7F69F218
There is a call for (IBMFAC)STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC ACCESS(READ)
Need to permit:
TSS PERMIT(FDTO001) (IBMFAC)STGADMIN.SMS.FAIL.INVALID.DSNTYPE.ENC ACCESS(READ)
Feedback
