New user gets MML0005S - The user's access has been revoked. Reason code: 0x90C0820
Article ID: 51249
Updated On:
Products
Compress Data Compression for MVS
Compress Data Compression for Fujitsu
Datacom
DATACOM - AD
Mainframe Software Manager (Chorus Software Manager)
MICS Resource Management
CIS
COMMON SERVICES FOR Z/OS
90S SERVICES
DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS
COMMON PRODUCT SERVICES COMPONENT
Common Services
CA ECOMETER SERVER COMPONENT FOC
EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES
INFOCAI MAINTENANCE
IPC
UNICENTER JCLCHECK COMMON COMPONENT
Mainframe VM Product Manager
CHORUS SOFTWARE MANAGER
CA ON DEMAND PORTAL
CA Service Desk Manager - Unified Self Service
PAM CLIENT FOR LINUX ON MAINFRAME
MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME
GRAPHICAL MANAGEMENT INTERFACE
WEB ADMINISTRATOR FOR TOP SECRET
Xpertware
Issue/Introduction
Description:
When adding a new user to be permitted for CA Mainframe Software Manager, that user gets:
MML0005S - The user's access has been revoked. Reason code: 0x90C0820
But the user is in fact not revoked in the security product. What is wrong?
Solution:
We use IBM Java method com.ibm.os390.security.PlatformUser.authenticate(username, password) and it return errno = EMVSSAFEXTRERR (163) and errno2 = 90c0820.
According to IBM APAR OA21806 (and APAR # PK51686):
The two low-order bytes contains the RACF return and reason codes. In this case:
8 20 The user does not have appropriate RACF access to either the SECLABEL, SERVAUTH profile, or APPL.
The likelihood is that access is needed to APPL(OMVSAPPL). For other return and reason code, refer to the appropriate documentation. Review of the system log or running a security trace may yield further information.
Environment
Release:
Component: MSM
Component: MSM
Feedback
Yes
No
Powered by
