IBM Security change: CA Disk must have READ authority to the FACILITY class profile

book

Article ID: 38056

calendar_today

Updated On:

Products

CA Disk Backup and Restore - MVS CA DISK BACKUP AND RESTORE- ADD-ON OPTIO CA DISK BACKUP AND RESTORE

Issue/Introduction

SYMPTOMS:

In Job Log, these error messages:
IEC161I 040(001)-053,job,step,VSAM,,, 
IEC161I dsn clus,dsn data,
IEC161I usercat.xxx

In CA Disk Messages:
ADSDM263 2516 THE FOLLOWING ERROR WAS DETECTED DURING OPEN PROCESSING OF CLUSTER xxx.xxx :
ADSDM263 2547 ERROR DURING VSAM OPEN -- ACBERFLG = 152
ADSDM263 2547 SECURITY VERIFICATION FAILED --
ADSDM263 2547 SECURITY SYSTEM DENIED ACCESS,
ADSDM263 2547 PASSWORD PROVIDED IS INCORRECT,
ADSDM263 2547 OR DMS IS RUNNING NON-APF-AUTHORIZED

ENVIRONMENT:

IBM OA46090/UA75830 changes for VSAM EXCPEXIT

z/OS 2.2
z/OS 2.1 and 1.13 with APAR OA46090 applied.

CAUSE:

IBM has changed security for the EXCPEXIT field for VSAM. 
CA Disk now needs READ authority to the FACILITY class profile. 
If none exists or no access, the job will fail with the symptoms noted above.

This changed with UA75830.  This is the link to the DOC HOLD regarding this change:
http://www-01.ibm.com/support/docview.wss?uid=isg1OA47290

ADDITIONAL INFORMATION: 

Please see the information from the z/OS 2.2 Migration manual:
DFSMSdfp: Define a security profile for VSAM exception exits

http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.2.0/com.ibm.zos.v2r2.e0zm100/dfsmsidcamsNamedExit.htm

 

 

 

Environment

Release: SMDI3900200-12.5-Disk-Backup and Restore-for z/OS
Component: