IBM Security change: Disk authority to FACILITY class profile
Article ID: 38056
Updated On:
Products
Issue/Introduction
During Backup/Archive, the following error messages received:
IEC161I 040(001)-053,job,step,VSAM,,,
IEC161I dsn clus,dsn data,
IEC161I usercat.xxx
ADSDM263 2516 THE FOLLOWING ERROR WAS DETECTED DURING OPEN PROCESSING OF CLUSTER xxx.xxx :
ADSDM263 2547 ERROR DURING VSAM OPEN -- ACBERFLG = 152
ADSDM263 2547 SECURITY VERIFICATION FAILED --
ADSDM263 2547 SECURITY SYSTEM DENIED ACCESS,
ADSDM263 2547 PASSWORD PROVIDED IS INCORRECT,
ADSDM263 2547 OR DMS IS RUNNING NON-APF-AUTHORIZED
Environment
Release: Disk™ Backup and Restore 12.5 and above.
IBM OA46090/UA75830 changes for VSAM EXCPEXIT
z/OS 2.2
z/OS 2.1 and 1.13 with APAR OA46090 applied.
Resolution
IBM has changed security for the EXCPEXIT field for VSAM. Disk™ Backup and Restore now needs READ authority to the FACILITY class profile. If none exists or no access, the job will fail with the symptoms noted above.
This changed with UA75830. This DOC HOLD regarding this change is OA47290: ++HOLD FOR DOC IS INCOMPLETE FOR OA46090 PTFS.
Additional Information
Please see the information from the z/OS 2.2 IBM Migration manual:
DFSMSdfp: Define a security profile for VSAM exception exits.
Feedback
