Trying to read a tape dataset using DFSORT results in a security violation from RACF for the CA 1 YSVC resource YSVCCOND and Abend 9YY-104.
search cancel

Trying to read a tape dataset using DFSORT results in a security violation from RACF for the CA 1 YSVC resource YSVCCOND and Abend 9YY-104.

book

Article ID: 51215

calendar_today

Updated On:

Products

CA 1 Flexible Storage CA 1 Tape Management - Copycat Utility CA 1 Tape Management - Add-On Options

Issue/Introduction

Trying to read a tape dataset using DFSORT results in a security violation from RACF for the CA 1 YSVC resource YSVCCOND and Abend 9YY-104.

Related messages:

ICH408I USER(userid) GROUP(group) NAME(name)
  YSVCCOND CL(CA@APE)
  INSUFFICIENT ACCESS AUTHORITY
  ACCESS INTENT(READ) ACCESS ALLOWED(NONE)
CAL052SF 08 000 rsn userid/pgmname/YSVCCOND 
CAS9034E FUNCTION(RESCHECK) ACCESS TO RESOURCE HAS BEEN DENIED
IEFTMS70 9YY-104 OPCODE=12,CA 1 SVC FUNCTION NOT AUTHORIZED

As per the CA 1 Documentation, the YSVC resource should not be checked during tape processing.

Note, the same tape can be read without problem from the same USER using IEBGENER for example.

Why is DFSORT getting this violation?

 

Environment

Release:
Component: 1

Resolution

 

The violation for the YSVC resource running DFSORT, is caused by the CA 1 version of the DFSORT exit ICETPEX. This exit is supplied with CA 1 and is used by DFSORT to retrieve DCB information (LRECL, BLKSIZE, RECFM and BLOCKCOUNT) from the TMC volume record, for the tape being processed. Since the READ access to the TMC from ICETPEX is not from Tape OPEN or CLOSE, the YSVC resource is checked.

Be sure the USER running DFSORT has appropriate access to YSVC resources YSVCUNCD or YSVCCOND.

For details on CA 1 Security see Systems Programmer Guide Chapter 6: CA 1 Passwords and Security.

If necessary, the CA 1 version of ICETPEX can be disabled by renaming the module in the CAILIB (Release 11.5 and below) or CTAPLINK(Release 12.0).

Powered by Wolken Software