Security violations when putting maintenance to a CA product

book

Article ID: 52251

calendar_today

Updated On:

Products

CA Compress Data Compression for MVS CA Compress Data Compression for Fujitsu CA Datacom - DB CA Datacom CA Datacom - AD CA Datacom - Server CA Mainframe Software Manager (Chorus Software Manager) CA MICS Resource Management CA CIS CA Common Services for z/OS CA 90s Services CA Database Management Solutions for DB2 for z/OS CA Common Product Services Component CA Common Services CA ecoMeter Server Component FOC CA Easytrieve Report Generator for Common Services CA Infocai Maintenance CA IPC Unicenter CA-JCLCheck Common Component CA Mainframe VM Product Manager CA Chorus Software Manager CA On Demand Portal CA Service Desk Manager - Unified Self Service CA PAM Client for Linux for zSeries CA Mainframe Connector for Linux on System z CA Graphical Management Interface CA Web Administrator for Top Secret CA CA- Xpertware CA Datacom/AD

Issue/Introduction

When putting maintenance to a CA product you can get the following security errors:

 BPXP024I BPXAS INITIATOR STARTED ON BEHALF OF JOB MSMMKDIR RUNNING IN ASID 0059
 ICH408I USER(xxxxxxx ) GROUP(yyyyyyy ) NAME( zzzzzzz zzzzzzz ) 835
    /extractorGimapiTrace
    CL(DIRACC ) FID(00000001000000010000000000000000)
    INSUFFICIENT AUTHORITY TO MKDIR
    ACCESS INTENT(-W-) ACCESS ALLOWED(OTHER R-X)
    EFFECTIVE UID(0000010033) EFFECTIVE GID(0000000112)
 ICH408I USER(xxxxxxx ) GROUP(yyyyyyy ) NAME( zzzzzzz zzzzzzz ) 845
    /extractorTrace CL(DIRACC ) FID(00000001000000010000000000000000)
    INSUFFICIENT AUTHORITY TO UNLINK
    ACCESS INTENT(-W-) ACCESS ALLOWED(OTHER R-X)
    EFFECTIVE UID(0000010033) EFFECTIVE GID(0000000112)

 



Environment

Release:
Component: MSM

Resolution

This sample shows RACF security violations, but to solve it you will need to add the UID(0) to the user you are using.
Or use BPX.SUPERUSER profile of FACILITY class, instead of UID(0).