search cancel

Why do I have a GIM20703S/T MESSAGE RUNNING SMP/E COMMANDS?

book

Article ID: 49967

calendar_today

Updated On:

Products

Cleanup Datacom DATACOM - AD CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services CA ECOMETER SERVER COMPONENT FOC Easytrieve Report Generator for Common Services INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Top Secret Top Secret - LDAP Top Secret - VSE

Issue/Introduction

Description:

You are running SMP/E commands and you get the error messages:

GIM20703S/T cmd PROCESSING FAILED. THE COMMAND OR SERVICE ROUTINE IS NOT PROTECTED BY A SECURITY MANAGER.

Solution:

These SMP/E resources are not authorized by default. You must make the following administrative changes to allow access to the SMP/E functions.

The security calls are all in the IBMFAC class (IBM FACILITY class) and have the following resource name formats:

  • GIM.CMD.command for the SMP/E commands, where "command" is the name of the current SMP/E command being attempted.

    For example:
    TSS PERMIT(acid) IBMFAC(GIM.CMD.APPLY) ACCESS(READ)
    for the APPLY command.

  • GIM.PGM.program for the GIMZIP, GIMUNZIP or GIMIAP service routines, where "program" is the name of the service routine being processed. For example:

    TSS PERMIT(acid) IBMFAC(GIM.PGM.GIMZIP) ACCESS(READ)
    for the GIMZIP command.

    To secure the SMP/E commands, define them in CA Top Secret as a protected resource.

    Example:
    TSS ADD(owningacid) IBMFAC(GIM.)
    We recommend that you write PERMITs for each SMP/E function.

    However, if you prefer to allow everyone access to these resources, you can issue PERMIT commands similar to the following::
    TSS PERMIT(ALL) IBMFAC(GIM.PGM.) ACCESS(READ)
    TSS PERMIT(ALL) IBMFAC(GIM.CMD.) ACCESS(READ)
    To identify all users that need specific functions permitted, add the SMP/E resource to the AUDIT record. This will log all accesses for that SMP/E
    resources. This will enable writing of future PERMIT commands at a more granular level.
    TSS ADD(AUDIT) IBMFAC(GIM.PGM.)
    TSS ADD(AUDIT) IBMFAC(GIM.CMD.)

Environment

Release:
Component: AWAGNT