What is needed in ACF2 for IBM apar UA83944?

Document ID:  TEC1390781
Last Modified Date:  06/13/2017
{{active ? 'Hide' : 'Show'}} Technical Document Details

Products

  • CA ACF2 for z/OS

Components

  • CA ACF2 for z/OS:ACF2MS
Introduction:
With OA47269 & OA49446 applied, authority is checked for a PATH,
or AIX that is being defined. However, authority is not checked
for the base cluster. This can lead to authorization failues
once a base cluster is accessed via a PATH or AIX by a user or
application that has authority to the PATH & AIX, but not the
base cluster.
Question:

What is needed in ACF2 for IBM apar UA83944?

Environment:
z/OS users at release HDZ1D10 or higher that have VSAM CLUSTERs with either Alternate Indexes (AIXs) or PATHs.
Answer:

The IBM fix introduced a new facility class STGADMIN.IGG.CATALOG.SECURIY.BOTH.  Users having READ authority to STGADMIN.IGG.CATALOG.SECURIY.BOTH are required to have ALTER authority to both the CLUSTER and the PATH or AIX when defining a path or AIX. This ensures sufficient authority to both the CLUSTER and AIX or PATH on subsequent VSAM OPENs.  Problem is resolved when PTFs are applied and READ authority is established to STGADMIN.IGG.CATALOG.SECURIY.BOTH for all users.

A sample ACF2 rule would look like this:

$KEY(STGADMIN) TYPE(FAC) 
  IGG.CATALOG.SECURIY.BOTH UID(-) SERVICE(READ) ALLOW 

Additional Information:

Please help us improve!

Will this information enable you to resolve your issue?

Please tell us what we can do better.

{{feedbackText.length ? feedbackText.length : '0'}}/255

{{status}}

Not what you were looking for?

Search Again >

Product Information

Support by Product >

Communities

Join a Community >

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing