INSUFFICIENT ACCESS AUTHORITY using the JCLCheck REST API
search cancel

INSUFFICIENT ACCESS AUTHORITY using the JCLCheck REST API

book

Article ID: 386644

calendar_today

Updated On:

Products

JCLCheck Workload Automation

Issue/Introduction

When attempting to access the REST API the following error is seen in the REST server log: 

ICH408I USER(RESTSTC ) GROUP(???    ) NAME(??????? 
   338               xxx.xx.xxxx CL(DATASET ) VOL(vvvvvv)                      
   338               INSUFFICIENT ACCESS AUTHORITY                              
   338               FROM ????.????* (G)                                         
   338               ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )  

Zowe jclcheck returns:

   messageType:       ERROR
    messageNumber:     CAY6Z12
    messageContent:    Exception encountered checking for existence of dataset 'hlq.jcl.lib(member)'. Reason: //'hlq.jcl.lib': fopen() failed; EDC5092I An I/O abend was trapped.; errno=92 errno2=0xc00b0162 last_op=43 errorCode=0x9130038

Environment

REST API

Zowe JCLCheck Plug-in

RACF

Cause

The JCLCheck REST Server may need to run under the credentials of the server's caller. This is referred to as the server acting as a surrogate.

Resolution

Documentation states that the user id used to run the JCLCheck REST Server should have the following permissions;

BPX.SERVER (READ)
BPX.CONSOLE(READ)
BPX.DAEMON(UPDATE)

In order for the JCLCheck REST Server to act as a surrogate, the user id used to run the JCLCheck REST Server may need the following permissions;

BPX.SERVER (UPDATE)
BPX.CONSOLE(READ)
BPX.DAEMON(UPDATE)

 

Powered by Wolken Software