The SYS1.PARMLIB(IFASMFAA) member is defined with an INMEM parameter to define an in-memory resource:
INMEM(IFASMF.&SYSNAME..INMEM.XYZ,TYPE(number),RESSIZMAX(size))
The following command is issued to activate the updated SMFPRMAA member:
/ro sysname,set smf=aa
After issuing the command, the following error messages are received:
SET SMF=AA
IEE252I MEMBER SMFPRMAA FOUND IN SYS1.PARMLIB
IEE974I hh.mm.ss SMF DATA SETS
NAME VOLSER SIZE(BLKS) %FULL STATUS
…
…
IFA707I SMF CANNOT CONNECT TO LOGSTREAM IFASMF.sysname.INMEM.XYZ
REASON=SAF RESOURCE WAS NOT DEFINED
After adding TRACE to the SMF ACID, the following trace is generated:
X TSS-X-0800*SMF SMF S IBMFAC 2000 G/0400000000,0000000000 L/208000 F/00000B20,040100,0001,000000
X TSS-1 000000000000 00000000 T/A800000025
X TSS-2 000000 R/129800 S/000100,020800000000 A/010080 P/IFASMF ,3122, ,IEESB605 F/80800020
X TSS-4 00000000 005FA9B8 7F254AD0 REQ/ SUB/
X TSS-F-0400*SMF SMF S PROGRAM 2000 G/0000000000,0000000000 L/200002 F/04000720,000900,8001,000000
X TSS-1 400000000000 00000000 T/0000000000 IFALSTCB
X TSS-2 2A0000 R/129800 S/000100,020800000000 A/010080 P/IFASMF ,3122, ,IEESB605 F/80800020
X TSS-4 00000000 005FA9B8 7F254AD0
According to the instructions for defining in-memory resources, the SAF resource profile name must start with the IFA. high-level qualifier, followed by the in-memory resource name.
A SAFTRACE shows that the resource passed to Top Secret is:
IFA.IFASMF.sysname.INMEM.XYZ
The user SMF has the following permit:
XA IBMFAC = IFA.IFASMF.*.INMEM. OWNER(owner )
ACCESS = UPDATE
The '08' in TSS-X-0800* in the SECTRACE output means that access to the resource is denied; however, according to the permit, access should be allowed.
z/OS 2.5
Top Secret 16.0
A list of the IBMFAC resource (TSS LIST(RDT) RESCLASS(IBMFAC)) shows the following:
ACCESSORID = *RDT* NAME = RESOURCE DEFINITIONS
RESOURCE CLASS = IBMFAC
RESOURCE CODE = X'086' POSIT = 8
ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(039),ACCESS,PRIVPGM
ACCESS = NONE(0000),CONTROL(6400),UPDATE(6000),READ(4000)
ACCESS = WRITE(2000),ALL(FFFF)
DEFACC = READ
TSS0300I LIST FUNCTION SUCCESSFUL
The resource is defined as NOMASK so any masking characters will be viewed literally. In other words, any asterisk would not be viewed as a masking character but as an actual asterisk and therefore will not match the resources that are checked.
The permit used an asterisk, which is why access to the resource failed.
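The check below is an added example, not part of the original article or of Top Secret: it reads the RDT attributes and permit lines in the listing formats shown above and flags permits that contain an asterisk in a class defined NOMASK. Its `matches` function is a simplified model that assumes prefix matching and, under MASK, that `*` stands for the characters of one qualifier; `SYSA` is a constructed system name standing in for sysname.

```python
import re

# Sample input taken from the listings shown on this page.
RDT_LISTING = """\
RESOURCE CLASS = IBMFAC
RESOURCE CODE = X'086' POSIT = 8
ATTRIBUTE = NOMASK,MAXOWN(08),MAXPERMIT(039),ACCESS,PRIVPGM
"""
PERMIT_LISTING = """\
XA IBMFAC = IFA.IFASMF.*.INMEM. OWNER(owner )
ACCESS = UPDATE
"""

def class_attributes(rdt_listing):
    """Map each resource class in a TSS LIST(RDT) listing to its attribute set."""
    attrs, current = {}, None
    for line in rdt_listing.splitlines():
        if m := re.match(r"\s*RESOURCE CLASS\s*=\s*(\S+)", line):
            current = m.group(1)
        elif (m := re.match(r"\s*ATTRIBUTE\s*=\s*(\S+)", line)) and current:
            attrs[current] = set(m.group(1).split(","))
    return attrs

def permits(listing):
    """Yield (class, resource) for each 'XA class = resource' permit line."""
    for line in listing.splitlines():
        if m := re.match(r"\s*XA\s+(\S+)\s*=\s*(\S+)", line):
            yield m.group(1), m.group(2)

def matches(permit, resource, masked):
    """Simplified model: a permit is a prefix of the checked resource name.
    ASSUMPTION: under MASK, '*' stands for the characters of one qualifier."""
    if not masked:
        return resource.startswith(permit)      # '*' is compared literally
    pattern = "".join("[^.]*" if c == "*" else re.escape(c) for c in permit)
    return re.match(pattern, resource) is not None

def literal_asterisk_permits(rdt_listing, permit_listing):
    """Return permits that contain '*' in a class defined NOMASK."""
    attrs = class_attributes(rdt_listing)
    return [(cls, res) for cls, res in permits(permit_listing)
            if "*" in res and "NOMASK" in attrs.get(cls, set())]

if __name__ == "__main__":
    checked = "IFA.IFASMF.SYSA.INMEM.XYZ"   # constructed: SYSA stands in for sysname
    for cls, res in literal_asterisk_permits(RDT_LISTING, PERMIT_LISTING):
        print(f"{cls}: permit {res} contains '*' but the class is NOMASK")
        print("  matches as NOMASK:", matches(res, checked, masked=False))
        print("  matches as MASK:  ", matches(res, checked, masked=True))
```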
Define the IBMFAC resource class in the RDT as MASK.
Note: Altering a resource class to MASK from NOMASK makes existing resources un-administrable. Before making such a change, it is recommended that all existing permissions and ownerships be revoked and removed, then readministered after the attribute change.
or
Permit access to the resource without an asterisk:
IFA.IFASMF.sysname.INMEM.
instead of
IFA.IFASMF.*.INMEM.