Debugging a SARATH92 AUTHORIZATION FAILED message in CA View
search cancel

Debugging a SARATH92 AUTHORIZATION FAILED message in CA View


Article ID: 31325


Updated On:


Deliver View


A user attempts to view a sysout in View and receives a SARATH92 AUTHORIZATION FAILED message.

How can I determine the cause of the problem?  


View, Deliver, 14.0


Security failure.


An "Authorization Failed" message can appear in the following instances, when attempting to browse reports in CA View:


- If Deliver is used, it may be due to a Report Definition, with Distribution IDs with setting of "Y" for RVIEW. 
  - The "Y" setting indicates a user has restricted viewing privileges. A setting of "N" will lift the restriction.

- If there is a customized SARSECUX exit in use:
  - The DEFAULT size of the CA provided vanilla exit is 0048. If the size of the SARSECUX module in your CVDELOAD library is different, it's been modified. 
    -  Review the coding of the exit, as a modified exit may be keeping the security from working properly.

- If received when using ROSCOE and RACF:
  - See if the failure can be repeated when accessing the same report through TSO. 
    - If the failure is repeated, it could be due to a modified SARUSRUX exit.  Review the coding of the exit.

- Review the SARINIT parms SECID= and SECURITY= to determine what security function CA View is using.
  - If CA View is configured with SECURITY=EXTERNAL, check the specific external security rules in use and applied to the users profile.

- If there was a change in a user's security profile:
  - It could be that the user does not have the proper level of access. Even with a report browse, a user is making an update to the database.
    -  Review the profile, to determine the nature of the change that lost any security access.

- See Additional Information section of this article.

-  For situation analysis, for a short time set SARINIT FEATURE=1, for security diagnostics.
   If an "Authorization Failed" message appears, you will see the following diagnostic messages:

     SARATH92 AUTHORIZATION FAILED userid UNDER interface RC=xx.xx.xx  
     SARATH92 CLASS=class    ENTITY=resource entity                    
     Reason: Userid is not authorized to access the requested resource for the specified CLASS and ENTITY value.  

     Action: Consult with your security administrator or systems programming group to determine the reason why the authorization was not granted.

Additional Information

SECID =  Is the first node of a security rule. This parameter specifies a one- to eight-character identifier that prefixes the resource name for external security. (Default is SECID=VIEW).


ACCESS LEVEL = Read, Update, Control, Alter 
RESOURCE TYPE = There are 17 resource types that are used as the second node of a security rule:


Resource  Resources 
Type      Protected 
ADMIN    Content/Web Viewer Administrator
BANR     Banner page members
DBAS     SARDBASE functions
DEV     Device definition (DEF DEV command)
DIST     Distribution definition (DEF DIST command)
FILT     Filter definitions (DEF FILTER command)
GROUP     Content/Web Viewer repository groups
IDXN     Index name
IDXV     Index value
JOB     Job
NOTE     Annotations and bookmarks
PANL     Online panel members
REPT     SYSOUTs/Reports
RAPS     All pages of a SYSOUT/Report
SYS     SYSOUT definition (DEF SYS command)
USER     User IDs (DEF USER command)
VIEW     Logical Views


- The following CA View native security rules can be used for browsing reports:                      


- The above format would be used, in constructing a rule, regardless of the security package used.

- Review rules similar to the above, to make sure that they have been entered correctly.


More detailed information is provided in the View documentation under the section External Security