Using panel 3.3.1 in CA-Auditor to select A for external Security rules, get a failure on the R_admin callable service running Top Secret.
search cancel

Using panel 3.3.1 in CA-Auditor to select A for external Security rules, get a failure on the R_admin callable service running Top Secret.

book

Article ID: 55031

calendar_today

Updated On:

Products

ACF2 ACF2 - DB2 Option ACF2 for zVM ACF2 - z/OS ACF2 - MISC Auditor for z/OS PanApt PanAudit

Issue/Introduction

Using the CA-Auditor product, panel 3.3.1 to display Standard Exits, and selecting option A for external security, I am getting a failure.

The error message is as follows:

R_admin callable service SAFRC 8 ESMRC 8 ESMRSNC 20, please contact support

I am running Top Secret as my external security package.

 

 

Environment

Release:
Component: ACF2MS

Resolution

From the RACF Callable Services manual (z/OS 1.6), an 8:8:20 for R_admin indicates the function is not supported for problem state caller.

You need to allow access to IBMFAC(IRR.RADMIN) for the user.

Right now TOP SECRET is passing a RC 4 on the IRR.RADMIN security call because it is not defined(owned) by TOP SECRET.

If they define(own) it to TOP SECRET, it will be considered a TOP SECRET protected resource and will receive RC 8 if the user is not PERMITted to the resource.

So, if they own it, they will need to PERMIT it to all acids that need access to it including the CA-Auditor Started Task.

Example:

TSS ADD(acid) IBMFAC(IRR.RADMIN) to own it.
TSS PER(acid) IBMFAC(IRR.RADMIN) ACC(accesslevel) to permit it.

You might also consider a permit to ALL record initially...

TSS PER(ALL) IBMFAC(IRR.RADMIN) ACC(READ) ACTION(AUDIT)

This will ensure that no one is denied access, and, will cut an OK+A record to the audit file, so you can track who may actually access the resource.... And, then go with specific permits, at the user, or profile level.