Datacom MUF startup DB00205E error 1076
search cancel

Datacom MUF startup DB00205E error 1076

book

Article ID: 97872

calendar_today

Updated On:

Products

Datacom Datacom/AD Datacom/DB

Issue/Introduction

Datacom MUF startup fails with error:

DB00205E - MULTI-USER ERROR - 1076  

This occurs when using external security and the SECURITY MUF startup parameter has been coded.

Other 10nn errors are possible depending on the path and class causing the error, 1050,1051, 1054, 1055, 1077, 1082,1083, 1086 and 1087.

Environment

Release: 15.1
Component: Datacom/DB

Cause

The 1076 error means the DBxxRAT parameter chosen for the MUF startup option SECURITY is not allowed by external security.

To externally secure a path and class, a DTSYSTEM resource class needs to be defined for each path and class and permission denied to the MUF userid. The resource name is cxxname.path-and-class.

If the resource definition is missing or if access is allowed it will return the 1076 error.

Other 10nn errors are possible depending on the path and class causing the error, 1050,1051, 1054, 1055, 1077, 1082,1083, 1086 and 1087.

Normally external security messages of the DTSYSTEM resource checks are suppressed in the MUF.
Add the following option to the MUF startup parameters to not suppress the security messages:

DIAGOPTION 5,4,ON

This will show all the external security messages during startup.

Another problem that can cause this for IBM RACF is that the CAS9 resource translation table was not modified. It needs to be modified to change the DTSYSTEM name used by Datacom to the RACF name DT@YSTEM.

Resolution

Check that the resource definition for the path and class combination has been defined and access is denied to the MUF userid or to all userids. 

For example, if the following is coded in the MUF startup:

SECURITY DBDCSCI,DBDCSCQ,DBDCRCI,DBDCRCQ,DBDCRAQ,DBDCSSR
SECURITY DBDCRSR,DBDCSQL,DBDCSQQ,DBDCRAT

Then the following security definitions are needed:

RACF

RDEFINE DT@YSTEM cxxname.DBDCRAT UACC(NONE)

ACF2

$KEY(cxxname) TYPE(DTS) 
DBDCRAT UID(*) PREVENT

Top Secret

TSS PER(ALL) DTSYSTEM(cxxname.DBDCRAT) ACCESS(NONE)

The above security rule needs to be  coded for each of the path and class combinations specified in the SECURITY card, DBDCSCI, ,DBDCSCQ etc. In this case 10 security rules are needed.

Alternatively, define a generic resource rule to secure all paths and classes like this: 

RACF

RDEFINE DT@YSTEM cxxname.DBDC* UACC(NONE) 

ACF2

$KEY(cxxname) TYPE(DTS) 
DBDC- UID(*) PREVENT

Top Secret

TSS PER(ALL) DTSYSTEM(cxxname.DBDC*) ACCESS(NONE)

Note  the resource definition name used for RACF is DT@YSTEM instead of DTSYSTEM. This requires modification of the CAS9 resource translation table to translate the resource name DTSYSTEM used by Datacom to  DT@YSTEM. 
For Common Services (CCS) Version 14.1 and above this is done in the CAS9 startup JCL with a CAIRACF DD statement. 
For CCS releases prior to 14.1 the CAS9SAFC source needs to be modified and then reassembled and linked.
 

Additional Information

See the Datacom documentation in TechDocs sections DTSYSTEM, DB00205E, Security Interfaces, ACF2 (z/OS and z/VSE)Security Interfaces, Top Secret , (z/OS),  Security Interfaces, RACF

See related articles  51467 - How External Security for Datacom Works?  and 105192 - Datacom DB00501E RC 87 (003) XCF Security