search cancel

Using the CONSOLE command to delete an individual message results in message SECU008E Command not authorized for CONSOLE xxxxxxxx ---

book

Article ID: 54043

calendar_today

Updated On:

Products

CIS COMMON SERVICES FOR Z/OS 90S SERVICES DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS COMMON PRODUCT SERVICES COMPONENT Common Services Datacom/AD CA ECOMETER SERVER COMPONENT FOC EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES INFOCAI MAINTENANCE IPC UNICENTER JCLCHECK COMMON COMPONENT Mainframe VM Product Manager CHORUS SOFTWARE MANAGER CA ON DEMAND PORTAL CA Service Desk Manager - Unified Self Service PAM CLIENT FOR LINUX ON MAINFRAME MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME GRAPHICAL MANAGEMENT INTERFACE WEB ADMINISTRATOR FOR TOP SECRET Xpertware Compress Data Compression for MVS Compress Data Compression for Fujitsu Cross Enterprise Application Performance Management (APM) SYSVIEW Performance Management NXBRIDGE - SYSVIEW/ENDEVOR

Issue/Introduction

Description:

You want to execute the CONSOLE command within CA SYSVIEW and then delete an individual message. But you are receiving a security violation message: SECU008E Command not authorized for CONSOLE xxxxxxxx ---

Solution:

Things changed in this area in r12, and in the Installation Guide chapter 1 is this note:

The following z/OS resources have new actions that require new rules to validate their use as line commands.
Console Resource
New Action: DELETE
The CONSOLE command uses the DELETE action to validate the D line command for use by the CONSOLE resource.
The CONSOLE RELEASE subcommand uses the RELEASE action to validate the CONSOLE resource.

If external security is used the D line command requires a rule allowing the SV.RESN.CONSOLE.consolename.DELR entity and the RELEASE subcommand requires a command allowing the SV.RES.CONSOLE.consolename.RELR entity.
However, there is a bit more to do which isn't mentioned in that note.

By default all new commands/subcommands in a new release default to Fail so you need to update Security to allow those new functions.

So first get into CA SYSVIEW Security.
Select the ADMIN group (or whichever group applies in your case).
Select the Resource Section.
Select the Console Resource, i.e.
Cmd Resource Description
S     CONSOLE Consoles

Overtype the newresource, Access & Actions in the resulting display as shown below:

 Resource-Value                                   Access  Actions          
 newresource                                                               
   with                                                                   
 Resource-Value                                   Access  Actions          
 =                                                   A      ALL                              

This will add all of the allowable Actions.

Then remove the ones that you do not wish to have, or simply keep them all. Just ensure that DELETE and RELEASE are among those that you keep.

Environment

Release:
Component: CA90S