User that should be able to execute the command gets error: MENM0087 Unauthorized TPX command

Article Id: 51185
Status: Published
Updated On: 05-04-2018 08:06
Legacy Id: TEC525309
Products:
CA TPX - Session Management , TPX- PACKAGE , CA Vman Session Management for z/OS , TPX SESSION MANAGEMENT
Issue/Introduction:

User gets message MENM0087 when entering command, such as "I" - Inactivate session.
User belongs to group and a class having authority to inactivate a session.

Cause:

MENM0087 Unauthorized TPX command indicates that the user is not authorized for the command that was entered.

Environment:

Release: NVINAM00200-5.4-TPX-Session Management-Access Management package
Component:

Resolution:

Use TPXADMIN to check the values for Command class for this user:

                              TPX Userid Maintenance Detail Panel                  
                                                                 Panelid  - 
     Command ===>                                                Userid   - 
                                                                 Termid   - 
   Userid:   MICKEY                                              Date     - 
   UserName:                                                     Time     - 
   Location:                         Phone:                               
 
                                   Profile defaults     System defaults   
   Command character:   #           _                   /                 
   Command key:         PF2         _______             PF12/24           
   Jump key:            _____       _____               PF5               
   Menu key:            _____       _____               PF4               
   Print key:           _____       _____               NONE              
   Group name:          TPXGROUP                             
   Command class:       _           _                   D     
   Operator Cmd Cls:    _           _                   D                 
   Update class:        _           _                   D                 
   Stage 1 timeout:     ______      ______              999999            
   Stage 1 option:      __          __                  F                 
   Stage 2 timeout:     ______      ______              999999            
   Stage 2 option:      __          __                                    
 
   PF1=Help    PF3=End    PF4=Return   PF8=Next Page       "CANCEL" cancel
 

System level options are overridden by profile level options which in turn are overridden by user level options.

If you are expecting that the command class is being set at the profile level, verify that there is not a blank value at the user level.

If you are expecting that the command class is being set at the system level, verify that there is not a blank value at the user level or profile level.

A blank will be interpreted as a command class of ' ', but none can be defined so the user will not be authorized for any commands.

Profile level user options including command class are determined by the first profile assigned to the user. Check if the user's first profile has a blank in PIDXPRSV Command Class.

You can delete a blank value online with EOF, or by using TPX batch:

  • For profile level command class value: UPDATE TPX PROFILE ( profname ( PIDXPRSV (_)))
     
  • For user level command class value: UPDATE TPX USER ( userid ( UIDXPRSV (_)))

 

Additional Information:

This Knowledge Base article provides an explanation and example of how to identify fields that contain blanks. It's slightly different for USER variables and PROFILE variables.

CA TPX Batch - example - How to find where the session Label (Session Description) has been overridden with blanks at the profile or user level?
Document ID : KB000011256
https://comm.support.ca.com/kb/ca-tpx-batch-example-how-to-find-where-the-session-label-session-description-has-been-overridden-with-blanks-at-the-profile-or-user-level/kb000011256