When starting the CA ENF stc you may get a security violation on the class SERVAUTH. This security violation may occur even if you have not setup CCI (within the ENF or CCI parameters) to establish a TCP/IP connection to other CA Products defined.
The following are examples of the security violation you may experience:
With RACF:
ICH408I USER(MXSTC1 ) GROUP(MXSTC ) NAME(STARTED.TASK EZB.STACKACCESS.ssis.TCPIP CL(SERVAUTH) INSUFFICIENT ACCESS AUTHORITY ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
Or with CA TOP-SECRET : TSS7250E 136 J=ENF A=TCPIP TYPE=SERVAUTH RESOURCE=EZB.STACKACCESS.ssid.TCPIP TSS7251E Access Denied to SERVAUTH <EZB.STACKACCESS.ssid.TCPIP>
The SERVAUTH class is now checked when the CAICCI subtask is being initialized. As part of normal initialization CCI sttempts to get as much network information as possible. This includes getting the HOST name for the system it is executing on. CCI issues standard TCPIP function calls, GETHOSTID and GETHOSTNAME, to obtain this information. This is done regardless of the CCI PROTOCOL that has been defined.
As a result, you need to grant READ access for the EZB.STACKACCESS resource to the userid assigned to the ENF started task.