YSVCUNCD access when using SyncSort
search cancel

YSVCUNCD access when using SyncSort

book

Article ID: 245150

calendar_today

Updated On: 02-24-2023

Products

CA 1 Flexible Storage

Issue/Introduction

We are in the process of enabling additional CA1 security (inc YSVC). In the manual it says that YSVC security checks are not perform for real-time tape processing however we have seen calls to YSVCUNCD as shown below when the batch job is executing SORT.

ICH408I USER(xxxxxxxx) GROUP(ETWSUSER) NAME(TWS BATCH ID        )
  YSVCUNCD CL(CA@APE  )                                          
  WARNING: INSUFFICIENT AUTHORITY - TEMPORARY ACCESS ALLOWED     
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )                

We are in RACF WARN mode for this class at the moment and hence seeing the above. Why is the YSVC being called when the batch job is not executing a CA1 utility or is the manual incorrect?

 

Environment

Release : 14.0

Component : CA 1 Tape Management

Resolution

 give the target userid either YSVCUNCD or YSVCCOND READ access as outlined in the following KD article: 

https://ca-broadcomcsm.wolkenservicedesk.com/wolken/esd/knowledgebase_search?articleId=27965

DFSORT and SyncSort access the TMC, thus requiring additional security permission(s) to be defined.

to resolve the issue

What is happening is because you are running RACF in WARN mode that when we do the check for YSVCUNCD it fails   and we do this check with the NOLOG parm, but RACF is flagging that even though when we do the next check of YSVCCOND you have that.

 

All is well now.