Debugging a SARATH92 AUTHORIZATION FAILED message in CA View
search cancel

Debugging a SARATH92 AUTHORIZATION FAILED message in CA View

book

Article ID: 31325

calendar_today

Updated On:

Products

Deliver View

Issue/Introduction

A user attempts to view a sysout in View and receives a SARATH92 AUTHORIZATION FAILED message.

How can I determine the cause of the problem?  

Environment

View, Deliver, 14.0

Cause

Security failure.

Resolution

An "Authorization Failed" message can appear in the following instances, when attempting to browse reports in CA View:

 

- If Deliver is used, it may be due to a Report Definition, with Distribution IDs with setting of "Y" for RVIEW. 
  - The "Y" setting indicates a user has restricted viewing privileges. A setting of "N" will lift the restriction.

- If there is a customized SARSECUX exit in use:
  - The DEFAULT size of the CA provided vanilla exit is 0048. If the size of the SARSECUX module in your CVDELOAD library is different, it's been modified. 
    -  Review the coding of the exit, as a modified exit may be keeping the security from working properly.

- If received when using ROSCOE and RACF:
  - See if the failure can be repeated when accessing the same report through TSO. 
    - If the failure is repeated, it could be due to a modified SARUSRUX exit.  Review the coding of the exit.

- Review the SARINIT parms SECID= and SECURITY= to determine what security function CA View is using.
  - If CA View is configured with SECURITY=EXTERNAL, check the specific external security rules in use and applied to the users profile.

- If there was a change in a user's security profile:
  - It could be that the user does not have the proper level of access. Even with a report browse, a user is making an update to the database.
    -  Review the profile, to determine the nature of the change that lost any security access.

- See Additional Information section of this article.

-  For situation analysis, for a short time set SARINIT FEATURE=1, for security diagnostics.
   
   If an "Authorization Failed" message appears, you will see the following diagnostic messages:

     SARATH92 AUTHORIZATION FAILED userid UNDER interface RC=xx.xx.xx  
     SARATH92 CLASS=class    ENTITY=resource entity                    
                                                                  
     Reason: Userid is not authorized to access the requested resource for the specified CLASS and ENTITY value.  

     Action: Consult with your security administrator or systems programming group to determine the reason why the authorization was not granted.

Additional Information

SECID =  Is the first node of a security rule. This parameter specifies a one- to eight-character identifier that prefixes the resource name for external security. (Default is SECID=VIEW).

Security CLASS = CHA1VIEW

ACCESS LEVEL = Read, Update, Control, Alter 
    
RESOURCE TYPE = There are 17 resource types that are used as the second node of a security rule:

 

Resource  Resources 
Type      Protected 
---------------------------------------------------
ADMIN    Content/Web Viewer Administrator
BANR     Banner page members
DBAS     SARDBASE functions
DEV     Device definition (DEF DEV command)
DIST     Distribution definition (DEF DIST command)
FILT     Filter definitions (DEF FILTER command)
GROUP     Content/Web Viewer repository groups
IDXN     Index name
IDXV     Index value
JOB     Job
NOTE     Annotations and bookmarks
PANL     Online panel members
REPT     SYSOUTs/Reports
RAPS     All pages of a SYSOUT/Report
SYS     SYSOUT definition (DEF SYS command)
USER     User IDs (DEF USER command)
VIEW     Logical Views

 

- The following CA View native security rules can be used for browsing reports:                      

         secid.REPT.*                                                          
         secid.VIEW.*                                      
         secid.RAPS.*

- The above format would be used, in constructing a rule, regardless of the security package used.

- Review rules similar to the above, to make sure that they have been entered correctly.

 

More detailed information is provided in the View documentation under the section External Security