Keyring not visible from SYSVIEW with the KEYRINGS command
search cancel

Keyring not visible from SYSVIEW with the KEYRINGS command

book

Article ID: 366803

calendar_today

Updated On:

Products

SYSVIEW Performance Management

Issue/Introduction

ZAPIRING is a keyring and it is not visible from SYSVIEW when issuing the KEYRINGS command. 

Environment

SYSVIEW 16.0 & 17.0 - z/OS supported releases - 

Resolution

It is a security issue, the security requirements section in the KEYRINGS help should be reviewed: 

Security Requirements: 
 
When listing keyrings, there are two SAF authorization modes used to
check access to a keyring: granular and global.
 
Granular authorization is always checked first and checks access to a
specific keyring by locating a specific resource under the RDATALIB
class. The following table details granular authorization:
 
+---------------------------------------------------------------------+
| Function                         | Authority required               |
+----------------------------------+----------------------------------+
| List a specific ring owned by a  | READ authority to:               |
| specific user                    | <Ring owner>.<Ring name>.LST     |
+----------------------------------+----------------------------------+
| List all the rings owned by a    | READ authority to:               |
| specific user                    | <Ring owner>.*.LST               |
+----------------------------------+----------------------------------+
| List all rings with a specific   | READ authority to:               |
| name                             | *.<Ring name>.LST
+----------------------------------+----------------------------------+
| List all rings                   | READ authority to:               |
|                                  | *.*.LST                          |
+---------------------------------------------------------------------+
 
When a matching resource is not found under the RDATALIB class, global
authorization is used and checks access to keyrings under the FACILITY
class. The following table details global authorization:
 
+---------------------------------------------------------------------+
| Function                         | Authority required               |
+----------------------------------+----------------------------------+
| List one's own rings             | READ authority to:               |
|                                  | IRR.DIGTCERT.LISTRING            |
+----------------------------------+----------------------------------+
| List someone else's rings        | UPDATE authority to:             |
|                                  | IRR.DIGTCERT.LISTRING            |
-----------------------------------------------------------------------

Adding the READ access to the resource: RDATALIB(ZWESVUSR.ZAPIRING.LST) resolved the problem.