When adding a new user to be permitted for CA Mainframe Software Manager, that user gets:
MML0005S - The user's access has been revoked. Reason code: 0x90C0820
But the user is in fact not revoked in the security product. What is wrong?
We use IBM Java method com.ibm.os390.security.PlatformUser.authenticate(username, password) and it return errno = EMVSSAFEXTRERR (163) and errno2 = 90c0820.
According to IBM APAR OA21806 (and APAR # PK51686):
The two low-order bytes contains the RACF return and reason codes. In this case:
8 20 The user does not have appropriate RACF access to either the SECLABEL, SERVAUTH profile, or APPL.
The likelihood is that access is needed to APPL(OMVSAPPL). For other return and reason code, refer to the appropriate documentation. Review of the system log or running a security trace may yield further information.