New user gets MML0005S - The user's access has been revoked. Reason code: 0x90C0820
Article ID: 51249
Updated On:
Products
CA Compress Data Compression for MVS
CA Compress Data Compression for Fujitsu
CA Datacom
CA Datacom - AD
CA Mainframe Software Manager (Chorus Software Manager)
CA MICS Resource Management
CA CIS
CA Common Services for z/OS
CA 90s Services
CA Database Management Solutions for DB2 for z/OS
CA Common Product Services Component
CA Common Services
CA ecoMeter Server Component FOC
CA Easytrieve Report Generator for Common Services
CA Infocai Maintenance
CA IPC
Unicenter CA-JCLCheck Common Component
CA Mainframe VM Product Manager
CA Chorus Software Manager
CA On Demand Portal
CA Service Desk Manager - Unified Self Service
CA PAM Client for Linux for zSeries
CA Mainframe Connector for Linux on System z
CA Graphical Management Interface
CA Web Administrator for Top Secret
CA CA- Xpertware
CA Datacom/AD
Issue/Introduction
Description:
When adding a new user to be permitted for CA Mainframe Software Manager, that user gets:
MML0005S - The user's access has been revoked. Reason code: 0x90C0820
But the user is in fact not revoked in the security product. What is wrong?
Solution:
We use IBM Java method com.ibm.os390.security.PlatformUser.authenticate(username, password) and it return errno = EMVSSAFEXTRERR (163) and errno2 = 90c0820.
According to IBM APAR OA21806 (and APAR # PK51686):
The two low-order bytes contains the RACF return and reason codes. In this case:
8 20 The user does not have appropriate RACF access to either the SECLABEL, SERVAUTH profile, or APPL.
The likelihood is that access is needed to APPL(OMVSAPPL). For other return and reason code, refer to the appropriate documentation. Review of the system log or running a security trace may yield further information.
Environment
Release:
Component: MSM
Component: MSM
Feedback
Yes
No
Powered by
