When issuing a "SECTRACE" command from the console, the following error is received:

STC31508 NI   SECTRACE DISPLAY ID=ALL                                         
INTERNAL NR   IEE296I SECTRACE FAILED BY SECURITY INTERFACE.  RC= 28          

This is followed by a CA Common Services message that the SECTRACE address space has been terminated.

An ACID needs to be created and SECTRACE needs to be added to the STC table via:

 
TSS CREATE(acid) TYPE(USER) DEPT(dept) PASS(xxxx,0) NAME('SECTRACE Started Task ACID')
TSS ADD(acid) FAC(STC)
TSS ADD(STC) PROCNAME(SECTRACE) ACID(acid)                     

The 'acid' needs access to the SAF LNKLSTxx and LPALSTxx datasets as well.

When the SAF sectrace is activated, the started task SECTRACE is started internally, so there is no jcl associated with the STC.

It is recommended that all started task (STC) acids be given a password and OPTIONS(4) be set in the CA Top Secret parameter file. OPTIONS(4) will eliminate the prompt for a password when the STC starts, but if someone tries to signon with the STC acid, that person will need to know the password.

NOTE: Although is it not recommended, if the STC default ACID is *BYPASS*, the SAF sectrace should work without defining SECTRACE to the STC table in CA Top Secret.