Datacom MUF startup DB00205E error 1076
Article ID: 97872
Updated On:
Products
Issue/Introduction
Datacom MUF startup fails with error:
DB00205E - MULTI-USER ERROR - 1076
This occurs when using external security and the SECURITY MUF startup parameter has been coded.
Other 10nn errors are possible depending on the path and class causing the error, 1050,1051, 1054, 1055, 1077, 1082,1083, 1086 and 1087.
Environment
Release: 15.1
Component: Datacom/DB
Cause
The 1076 error means the DBxxRAT parameter chosen for the MUF startup option SECURITY is not allowed by external security.
To externally secure a path and class, a DTSYSTEM resource class needs to be defined for each path and class and permission denied to the MUF userid. The resource name is cxxname.path-and-class.
If the resource definition is missing or if access is allowed it will return the 1076 error.
Other 10nn errors are possible depending on the path and class causing the error, 1050,1051, 1054, 1055, 1077, 1082,1083, 1086 and 1087.
Normally external security messages of the DTSYSTEM resource checks are suppressed in the MUF.
Add the following option to the MUF startup parameters to not suppress the security messages:
DIAGOPTION 5,4,ON
This will show all the external security messages during startup.
Another problem that can cause this for IBM RACF is that the CAS9 resource translation table was not modified. It needs to be modified to change the DTSYSTEM name used by Datacom to the RACF name DT@YSTEM.
Resolution
Check that the resource definition for the path and class combination has been defined and access is denied to the MUF userid or to all userids.
For example, if the following is coded in the MUF startup:
SECURITY DBDCSCI,DBDCSCQ,DBDCRCI,DBDCRCQ,DBDCRAQ,DBDCSSR
SECURITY DBDCRSR,DBDCSQL,DBDCSQQ,DBDCRAT
Then the following security definitions are needed:
RACF
RDEFINE DT@YSTEM cxxname.DBDCRAT UACC(NONE)
ACF2
$KEY(cxxname) TYPE(DTS)
DBDCRAT UID(*) PREVENT
Top Secret
TSS PER(ALL) DTSYSTEM(cxxname.DBDCRAT) ACCESS(NONE)
The above security rule needs to be coded for each of the path and class combinations specified in the SECURITY card, DBDCSCI, ,DBDCSCQ etc. In this case 10 security rules are needed.
Alternatively, define a generic resource rule to secure all paths and classes like this:
RACF
RDEFINE DT@YSTEM cxxname.DBDC* UACC(NONE)
ACF2
$KEY(cxxname) TYPE(DTS)
DBDC- UID(*) PREVENT
Top Secret
TSS PER(ALL) DTSYSTEM(cxxname.DBDC*) ACCESS(NONE)
Note the resource definition name used for RACF is DT@YSTEM instead of DTSYSTEM. This requires modification of the CAS9 resource translation table to translate the resource name DTSYSTEM used by Datacom to DT@YSTEM.
For Common Services (CCS) Version 14.1 and above this is done in the CAS9 startup JCL with a CAIRACF DD statement.
For CCS releases prior to 14.1 the CAS9SAFC source needs to be modified and then reassembled and linked.
Additional Information
See the Datacom documentation in sections DTSYSTEM, DB00205E, Security Interfaces, ACF2, Security Interfaces, Top Secret, Security Interfaces, RACF.
See related articles 51467 - How External Security for Datacom Works? and 105192 - Datacom DB00501E RC 87 (003) XCF Security
Feedback
