New user gets MML0005S - The user's access has been revoked. Reason code: 0x90C0820

Article Id: 51249

Status: Published

Updated On: 21-03-2018 06:11

Legacy Id: TEC531923

Products:

CA CIS , CA Common Services for z/OS , CA 90s Services , CA Database Management Solutions for DB2 for z/OS , CA Common Product Services Component , CA Common Services , CA Datacom/AD , CA ecoMeter Server Component FOC , CA Easytrieve Report Generator for Common Services , CA Infocai Maintenance , CA IPC , Unicenter CA-JCLCheck Common Component , CA Mainframe VM Product Manager , CA Chorus Software Manager , CA On Demand Portal , CA Service Desk Manager - Unified Self Service , CA PAM Client for Linux for zSeries , CA Mainframe Connector for Linux on System z , CA Graphical Management Interface , CA Web Administrator for Top Secret , CA CA- Xpertware , CA Compress Data Compression for MVS , CA Compress Data Compression for Fujitsu , CA Datacom , CA Datacom - AD , CA CIS , CA Common Services for z/OS , CA 90s Services , CA Database Management Solutions for DB2 for z/OS , CA Common Product Services Component , CA Common Services , CA Datacom/AD , CA ecoMeter Server Component FOC , CA Easytrieve Report Generator for Common Services , CA Infocai Maintenance , CA IPC , Unicenter CA-JCLCheck Common Component , CA Mainframe VM Product Manager , CA Chorus Software Manager , CA On Demand Portal , CA Service Desk Manager - Unified Self Service , CA PAM Client for Linux for zSeries , CA Mainframe Connector for Linux on System z , CA Graphical Management Interface , CA Web Administrator for Top Secret , CA CA- Xpertware , CA Mainframe Software Manager (Chorus Software Manager) , CA MICS Resource Management

Issue/Introduction:

Description:

When adding a new user to be permitted for CA Mainframe Software Manager, that user gets:

MML0005S - The user's access has been revoked. Reason code: 0x90C0820

But the user is in fact not revoked in the security product. What is wrong?

Solution:

We use IBM Java method com.ibm.os390.security.PlatformUser.authenticate(username, password) and it return errno = EMVSSAFEXTRERR (163) and errno2 = 90c0820.

According to IBM APAR OA21806 (and APAR # PK51686):

The two low-order bytes contains the RACF return and reason codes. In this case:

8        20      The user does not have appropriate RACF access to either the SECLABEL, SERVAUTH profile, or APPL.

The likelihood is that access is needed to APPL(OMVSAPPL). For other return and reason code, refer to the appropriate documentation. Review of the system log or running a security trace may yield further information.

Environment:

Release:
Component: MSM