ACF2 security setup for EXTENDED ACCESS CONTROL function for 'Hitachi Business Continuity Manager'.

Article ID: 374223

Products

ACF2 - z/OS ACF2 - MISC ACF2

Issue/Introduction

The rules were implemented as per the configuration setup in the manual, but the YKLOAD module issues an error message when a query is done for a copy group ID:

 YKL298E  YKLOAD ENCOUNTERED AN UNEXPECTED ERROR.
 YKL099I  YKLOAD command return code=44, reason code=0.

Environment

Release : 16.0
Component  : ACF2 for Z/OS

Cause

The SECTRACE output shows that the Hitachi Business Continuity Manager program JYUIJOPR is a non-APF-authorized program that issues the following call:

  RACROUTE REQUEST=AUTH STATUS=ACCESS  

which allows a user to interrogate security definitions (access and resource rules) to determine the access level for a user. No auditing is performed. 

Resolution

To maintain system integrity, ACF2 requires that a user be APF-authorized to access security definitions. 
However, some products that use STATUS=ACCESS are not APF-authorized when they issue the request.

To accommodate these products, ACF2 lets the security administrator define the specific calls for which
the authorization check for STATUS=ACCESS is bypassed. 

This is done with the NOAPFCHK keyword on a SAFDEF record that describes the specific environment from which this call is made.
For example, for program JYUIJOPR:

ACF
SET CONTROL(GSO)
INSERT SAFDEF.hbc PROGRAM(JYUIJOPR) RB(SVC109) NOAPFCHK -
       RACROUTE(REQUEST=AUTH,CLASS=DATASET,STATUS=ACCESS)

F ACF2,REFRESH(SAFDEF)

This appears to resolve the problem.
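
Because NOAPFCHK bypasses the APF-authorization check for STATUS=ACCESS, it is worth reviewing that every SAFDEF record carrying it describes one specific environment, as the record above does. The following Python script is an added example, not part of the original article or of ACF2: it reads ACF command text in the form shown above and reports NOAPFCHK records whose PROGRAM or RB is missing or masked, or whose RACROUTE names no CLASS. The sample records other than SAFDEF.hbc, the mask characters and the review criteria are assumptions.

```python
import re

# Constructed sample in the same ACF command form as the example above.
# Only SAFDEF.hbc is from the article; the other two records are invented.
SAMPLE = """\
INSERT SAFDEF.hbc PROGRAM(JYUIJOPR) RB(SVC109) NOAPFCHK -
       RACROUTE(REQUEST=AUTH,CLASS=DATASET,STATUS=ACCESS)
INSERT SAFDEF.wide PROGRAM(-) RB(-) NOAPFCHK -
       RACROUTE(REQUEST=AUTH,STATUS=ACCESS)
INSERT SAFDEF.other PROGRAM(XYZPGM01) RB(XYZPGM01) -
       RACROUTE(REQUEST=AUTH,CLASS=FACILITY)
"""
MASK_CHARS = set("-*")  # assumption: characters that make a value a mask

def join_continuations(text):
    """Merge lines ending in the ' -' continuation marker into one command."""
    joined = re.sub(r"[ \t]+-[ \t]*\n[ \t]*", " ", text)
    return [line.strip() for line in joined.splitlines() if line.strip()]

def parse_safdef(command):
    """Return the fields of one INSERT SAFDEF command, or None for other input."""
    m = re.match(r"INSERT\s+SAFDEF\.(\S+)\s+(.*)", command, re.I)
    if not m:
        return None
    name, body = m.groups()
    rec = {"name": name, "noapfchk": bool(re.search(r"\bNOAPFCHK\b", body, re.I))}
    for key in ("PROGRAM", "RB"):
        hit = re.search(rf"\b{key}\(([^)]*)\)", body, re.I)
        rec[key] = hit.group(1) if hit else None
    hit = re.search(r"\bRACROUTE\(([^)]*)\)", body, re.I)
    pairs = hit.group(1).split(",") if hit else []
    rec["racroute"] = dict(p.split("=", 1) for p in pairs if "=" in p)
    return rec

def audit(text):
    """List (record, reason) for NOAPFCHK records that are not tightly scoped."""
    findings = []
    for rec in filter(None, map(parse_safdef, join_continuations(text))):
        if not rec["noapfchk"]:
            continue  # the APF check still applies to this record
        for key in ("PROGRAM", "RB"):
            if rec[key] is None or MASK_CHARS & set(rec[key]):
                findings.append((rec["name"], f"{key} is missing or masked"))
        if "CLASS" not in rec["racroute"]:
            findings.append((rec["name"], "RACROUTE names no CLASS"))
    return findings

if __name__ == "__main__":
    for name, reason in audit(SAMPLE):
        print(f"SAFDEF.{name}: {reason}")
```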