OS20I UNAUTHORIZED ACCESS REQUEST FOR library.sublibrary Trying To Activate VSE Library Security
searchcancel
OS20I UNAUTHORIZED ACCESS REQUEST FOR library.sublibrary Trying To Activate VSE Library Security
book
Article ID: 27267
calendar_today
Updated On: 06-13-2024
Products
Top Secret - VSE
Issue/Introduction
When trying to activate VSE Library Security by specifying SEC=YES, message 'OS20I UNAUTHORIZED ACCESS REQUEST FOR library.sublibrary' is received during IPL.
Environment
Release: Component: TSSVSE
Resolution
'OS20I UNAUTHORIZED ACCESS REQUEST FOR library.sublibrary' during IPL at BGINIT time:
A VSE ID card for the BGINIT must be present. If TOP SECRET is active and cataloging a new BG or FB startup proc, specify the following ID card syntax:
'ID USER=FORSEC,PWD=FORSEC'
Note: No '//' (slashes).
Explanation: If the ID card is cataloged with the '//' (slashes), Top Secret will encrypt the ID card. Because Top Secret has not initialized yet when the BGINIT job executes, the encrypted '// ID ' card cannot be read.The solution is to remove the '//' from the '// ID' card and re-catalog the IPL deck. Without the '//' (slashes), Top Secret will not encrypt the '// ID' card.
'0S20I UNAUTHORIZED ACCESS REQUEST FOR: library.sublibrary $$b_transient.phase' during CASAUTIL execution.
VSE IPL 'SYSTEM' statement with SEC=YES activates VSE library security. The IPL/ASI/startup is at the mercy of IBM's VSE security until TOP SECRET has a chance to completely initialize during IPL.
B-Transients are a special kind of system phase. In a system with VSE library security active, they can be loaded from protected libraries only. Any attempt to load a B-transient from an unprotected library would cause an IBM VSE '0S20I UNAUTHORIZED ACCESS" access violation.
Libraries that contain B-transients of the VSE base programs are automatically protected by appropriate entries in the IBM VSE pre-generated access control table DTSECTAB.
B-Transients are phase name beginning by $$B. Any library containing B-Transients phases that will be loaded prior to TOP SECRET initialization need to be added to the IBM VSE security table DTSECTAB or a VSE '0S20I UNAUTHORIZED ACCESS?" access violation will be received.
For Example, CIS and DYNAM libraries.
No security checking being done for library/sublibrary/member. Verify that IBM VSE IPL 'SYSTEM' statement with parameter SEC=YES has Specified.
To verify:
Display address 80 who is the address of SYSCOM. From the VSE console, issue a: dsply 80
Example: dsply 80
AR 0015 00000420 00001004 0002006B 00040011 *...........,....* AR 0015 1I40I READY
Add x'041' to the address of SYSCOM and display that address: x'420' + x'041' = x'461'
Example: dsply 461 AR 0015 601CE8 00200044 0240BB80 000090E0 00 *-.Y..... .......* AR 0015 1I40I READY
If a x'10' was not set that means that SEC=NO was coded
Once the above is achieved, VSE will start correctly and you can define any library/sublibrary/member to be protected by TOP SECRET using TOP SECRET itself.
Additional Information
See Chapter 7 of the 'VSE Libarary Security' in the TOP SECRET Implementation: Batch, STC and APPC Guide.