OPSPARM SEC failure - Not authorized to read value of SSMMONDISP
search cancel

OPSPARM SEC failure - Not authorized to read value of SSMMONDISP

book

Article ID: 247925

calendar_today

Updated On:

Products

OPS/MVS Event Management & Automation

Issue/Introduction

I migrated an OPS/MVS installation from another system and when attempting to go into SSM,  I get the following message below.  The system I migrated from has external security enabled in the Facility class for OP$MVS.* profiles in RACF.

I get the following error on the panel,  but no message id and I can't find the message text in the any of online documentation manuals for OPS/MVS.  

 

I don't see any RACF violation records so I am wondering if this is defined internally somewhere and not in the Facility class.

 

Environment

Release : 14.0

Component : OPS/MVS

Cause

A possible cause of this issue is that TSO OPER authority was not granted to the user ID attempting to access the SSM panels. 

Resolution

TSO OPER authority requirements are discussed here:

https://techdocs.broadcom.com/us/en/ca-mainframe-software/automation/ca-ops-mvs-event-management-and-automation/14-0/securing/tso-oper-authority.html

"In the absence of security rules or a customized OPUSEX security user exit, OPS/MVS requires that non-authorized attempts to access most of its operational features originate from an address space with a user ID that has TSO OPER authority."

 

Security solution commands for granting TSO OPER authority follow:

For RACF: 

PERMIT OPER ACCESS(READ) CLASS(TSOAUTH) ID(user) 

 

For CA Top Secret:

TSS PERMIT(userA) TSOAUTH(OPER)

 


For CA  ACF2:  

SET RESOURCE(SAF) 

RECKEY OPER ADD( UID(UID string for USER1) SERVICE(READ))

Powered by Wolken Software