search cancel

XPEDITER job abends with S047, unauthorized program issued a restricted SVC instruction.

book

Article ID: 54288

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC PanApt PanAudit

Issue/Introduction

Description:

The Xpediter/TSO module issues a RACROUTE AUTH call with STATUS=ACCESS. CA ACF2 considers such a call requesting security definitions to require proper program authorization. IBM does not, allowing this call (with STATUS=ACCESS) to be issued from an unauthorized program.

ACF2 checks for this additional authorization and fails this call because TSO sessions do not run as being APF authorized.

To get around this issue, a SAFDEF needs to be defined to allow this program to issue this RACROUTE call with STATUS ACCESS and to remove the check for proper program authorization (APF requirement).

Solution:

Define a SAFDEF for this RACROUTE AUTH call including the program name and NOAPFCHK as follows:

INSERT SAFDEF.apf PROGRAM(pgmname) RB(pgmname) NOAPFCHK
RACROUTE(REQUEST=AUTH,CLASS=DATASET,STATUS=ACCESS)

where "pgmname" is the Xpeditor program name.

To implement this SAFDEF record, issue:

F ACF2,REFRESH(SAFDEF)

Environment

Release:
Component: ACF2MS