RACF violation on BPX.SMF CL(FACILITY) OM Web Viewer 14.0 startup task
Article ID: 263429
Updated On:
Products
Issue/Introduction
Seeing RACF violations in the Web Viewer Startup task for users accessing reports using OM Web Viewer to view reports.
ICH408I USER(EAXXXXX ) GROUP(<group> ) NAME(<firstname>, <lastname>
BPX.SMF CL(FACILITY)
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
The RACF team is reluctant to grant universal read access to BPX.SMF profile as there is some risk as indicated below:
"There is some risk associated with the profile and you would not typically grant a UACC of READ. We are exploring applying the STIG standards and they have a control specifically for BPX.SMF (The IBM z/OS BPX.SMF resource must be properly configured.). If the SMF records do need to be created and we can figure out what type they are, we could at least limit the access to only that SMF type as per the link."
According to documentation:
- Is there a way to limit the access to a specific SMF record type for Web Viewer?
- Can you turn off the option of creating SMF records for Web Viewer users?
Environment
- Output Management Web Viewer 14.0
- Output Management Web Viewerâ„¢ for z/OS
- IBM RACF
Resolution
It is not possible to limit the access to a specific SMF record type for Web Viewer.
It is not possible to turn off the option of creating SMF records for Web Viewer users.
Feedback
