Running CA-SYSVIEW without RACF attribut 'TRUSTED'
book
Article ID: 52616
calendar_today
Updated On:
Products
CISCOMMON SERVICES FOR Z/OS90S SERVICESDATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OSCOMMON PRODUCT SERVICES COMPONENTCommon ServicesDatacom/ADCA ECOMETER SERVER COMPONENT FOCEasytrieve Report Generator for Common ServicesINFOCAI MAINTENANCEIPCUNICENTER JCLCHECK COMMON COMPONENTMainframe VM Product ManagerCHORUS SOFTWARE MANAGERCA ON DEMAND PORTALCA Service Desk Manager - Unified Self ServicePAM CLIENT FOR LINUX ON MAINFRAMEMAINFRAME CONNECTOR FOR LINUX ON MAINFRAMEGRAPHICAL MANAGEMENT INTERFACEWEB ADMINISTRATOR FOR TOP SECRETXpertwareCompress Data Compression for MVSCompress Data Compression for FujitsuCross Enterprise Application Performance Management (APM)SYSVIEW Performance ManagementNXBRIDGE - SYSVIEW/ENDEVOR
Issue/Introduction
Description:
To match higher security standards, customers may need to avoid general authorisations as 'Trusted' or 'Operations' and replace those with qualified RACF permissions.
Solution:
If you remove RACF attribut 'TRUSTED' and the profile ** of class PROGRAM has UACC=READ, you may get:
ICH408I USER(STCSYSV) GROUP(STC) NAME(CA-SYSVIEW ) 640IEFIB600 CL(PROGRAM) INSUFFICIENT ACCESS AUTHORITY FROM ** (G)ACCESS INTENT(READ) ACCESS ALLOWED(NONE)CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCESSED, USER UNAUTHORIZEDIEF170I 1 SYSVIEW CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCECSV028I ABEND306-30 JOBNAME=SYSVIEW STEPNAME=STARTINGIEF170I 1 SYSVIEW CSV028I ABEND306-30 JOBNAME=SYSVIEW STEPNAME=STA
because Universal Access (UACC) is not used for RESTRICTED ids, meaning that you will need to add STCSYSV to the access list for CLASS=PROGRAM, or remove the RESTRICTED attribute from the STCSYSV id.
To access logstreams, see the documentation in the INST004x jobs.
- LOGSTRM (as documented in the jobs)
SYSVIEW needs ALTER or UPDATE access to the resource classes: