Why do I have a GIM20703S/T MESSAGE RUNNING SMP/E COMMANDS?

book

Article ID: 49967

calendar_today

Updated On:

Products

CA Cleanup CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA Datacom/AD CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Top Secret CA Top Secret - LDAP CA Top Secret - VSE

Issue/Introduction

Description:

You are running SMP/E commands and you get the error messages:

GIM20703S/T cmd PROCESSING FAILED. THE COMMAND OR SERVICE ROUTINE IS NOT PROTECTED BY A SECURITY MANAGER.

Solution:

These SMP/E resources are not authorized by default. You must make the following administrative changes to allow access to the SMP/E functions.

The security calls are all in the IBMFAC class (IBM FACILITY class) and have the following resource name formats:

  • GIM.CMD.command for the SMP/E commands, where "command" is the name of the current SMP/E command being attempted.

    For example:
    TSS PERMIT(acid) IBMFAC(GIM.CMD.APPLY) ACCESS(READ)
    for the APPLY command.

  • GIM.PGM.program for the GIMZIP, GIMUNZIP or GIMIAP service routines, where "program" is the name of the service routine being processed. For example:

    TSS PERMIT(acid) IBMFAC(GIM.PGM.GIMZIP) ACCESS(READ)
    for the GIMZIP command.

    To secure the SMP/E commands, define them in CA Top Secret as a protected resource.

    Example:
    TSS ADD(owningacid) IBMFAC(GIM.)
    We recommend that you write PERMITs for each SMP/E function.

    However, if you prefer to allow everyone access to these resources, you can issue PERMIT commands similar to the following::
    TSS PERMIT(ALL) IBMFAC(GIM.PGM.) ACCESS(READ)
    TSS PERMIT(ALL) IBMFAC(GIM.CMD.) ACCESS(READ)
    To identify all users that need specific functions permitted, add the SMP/E resource to the AUDIT record. This will log all accesses for that SMP/E
    resources. This will enable writing of future PERMIT commands at a more granular level.
    TSS ADD(AUDIT) IBMFAC(GIM.PGM.)
    TSS ADD(AUDIT) IBMFAC(GIM.CMD.)

Environment

Release:
Component: AWAGNT