Running CA-SYSVIEW without RACF attribut 'TRUSTED'
book
Article ID: 52616
calendar_today
Updated On:
Products
CA CISCA Common Services for z/OSCA 90s ServicesCA Database Management Solutions for DB2 for z/OSCA Common Product Services ComponentCA Common ServicesCA Datacom/ADCA ecoMeter Server Component FOCCA Easytrieve Report Generator for Common ServicesCA Infocai MaintenanceCA IPCUnicenter CA-JCLCheck Common ComponentCA Mainframe VM Product ManagerCA Chorus Software ManagerCA On Demand PortalCA Service Desk Manager - Unified Self ServiceCA PAM Client for Linux for zSeriesCA Mainframe Connector for Linux on System zCA Graphical Management InterfaceCA Web Administrator for Top SecretCA CA- XpertwareCA Compress Data Compression for MVSCA Compress Data Compression for FujitsuCA Cross Enterprise Application Performance Management (APM)CA SYSVIEW Performance ManagementNXBRIDGE - SYSYVIEW/ENDEVOR
Issue/Introduction
Description:
To match higher security standards, customers may need to avoid general authorisations as 'Trusted' or 'Operations' and replace those with qualified RACF permissions.
Solution:
If you remove RACF attribut 'TRUSTED' and the profile ** of class PROGRAM has UACC=READ, you may get:
ICH408I USER(STCSYSV) GROUP(STC) NAME(CA-SYSVIEW ) 640IEFIB600 CL(PROGRAM) INSUFFICIENT ACCESS AUTHORITY FROM ** (G)ACCESS INTENT(READ) ACCESS ALLOWED(NONE)CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCESSED, USER UNAUTHORIZEDIEF170I 1 SYSVIEW CSV025I PROGRAM CONTROLLED MODULE IEFIB600 NOT ACCECSV028I ABEND306-30 JOBNAME=SYSVIEW STEPNAME=STARTINGIEF170I 1 SYSVIEW CSV028I ABEND306-30 JOBNAME=SYSVIEW STEPNAME=STA
because Universal Access (UACC) is not used for RESTRICTED ids, meaning that you will need to add STCSYSV to the access list for CLASS=PROGRAM, or remove the RESTRICTED attribute from the STCSYSV id.
To access logstreams, see the documentation in the INST004x jobs.
- LOGSTRM (as documented in the jobs)
SYSVIEW needs ALTER or UPDATE access to the resource classes: