Portal | Manuals | References | Downloads | Info | Programs | JCLs | Master the Mainframes
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Usergroups Profile Log in to check your private messages Log in
 

 

IMS security error

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> IMS DB/DC
View previous topic :: :: View next topic  
Author Message
sathyaraj

New User


Joined: 28 Sep 2007
Posts: 71
Location: India.

PostPosted: Thu Jul 03, 2014 4:34 pm    Post subject: IMS security error
Reply with quote

Hi All,

I am new to using IMS DB so please pardon my ignorance.

I am trying to run a BMP program in a batch job in one of our test regions. This job runs everyday in production without any issues. I used the production PSB source and did a PSBGEN using the IMS resources for the development region. Used the same DBDLIB from production. The job fails with the below error. Would this job use the ACBLIB? Its not hardcoded in the job but I understand that it can be picked up from the system defined libraries.

DFS2854A USERID ,S010 ,00016,0084-FAILED SECURITY CHECK. IMSQ

I am able to edit data in the test region with my ID in file manager which means that it could not be an issue with my ID. Can you please help?
Back to top
View user's profile Send private message

Ed Goodman

Active Member


Joined: 08 Jun 2011
Posts: 556
Location: USA

PostPosted: Thu Jul 03, 2014 5:53 pm    Post subject:
Reply with quote

My manual reads:
084 IMS Resource is not authorized for this dependent region per SAF (RACF) check.

IMS can store a lot of info in the recon libraries. You may be attempting to update prod without realizing it. I say that because your job is trying to use a resource that the test region is not allowed to use.

BMP uses the region's psb/dbd/acb libraries as needed. You are really just running a transaction in the region. My BMP procs don't even HAVE DBD/PSB/ACB libraries in them.

So...find an existing BMP job from a test region, and use it.
Back to top
View user's profile Send private message
sathyaraj

New User


Joined: 28 Sep 2007
Posts: 71
Location: India.

PostPosted: Thu Jul 03, 2014 6:24 pm    Post subject:
Reply with quote

Thanks Goodman.

I just gave the PSB/DBD/ACB libraries in the steplib as I couldn't find which are the system libraries that the proc will refer to.

I could also see that the BMP is in NOTINIT status. Will try to start it.

Also I suspect AGN could be a problem. Can you please tell me where I can look for the AGNs defined/available for a particular region?

NB: This is the first job setup we are creating in this test region icon_sad.gif
Back to top
View user's profile Send private message
Ed Goodman

Active Member


Joined: 08 Jun 2011
Posts: 556
Location: USA

PostPosted: Thu Jul 03, 2014 10:11 pm    Post subject:
Reply with quote

No offense, and I think you would agree, you're in over your head.

You really really really need to spend some time hunting down an existing BMP proc.

NOTINIT means that there was something missing when the region started.
Back to top
View user's profile Send private message
Gary Jacek

New User


Joined: 17 Dec 2007
Posts: 44
Location: Victoria, BC, Canada

PostPosted: Tue Jul 08, 2014 12:13 am    Post subject:
Reply with quote

I agree with Ed. Finding an existing BMP proc is an excellent first step.
If your task does require a new PSB, then it appears you must also address the security issue.

In the case of your new PSB, your userid is not permitted for a resource in RACF, that is required to use the PSB.

Unfortunately, if you don't tell us what IMS version you are using, it is very difficult to give you an answer.

There were major changes in this area between IMS V9.1 and other releases up to IMS V13.1. The old AGN security went away, to be replaced by APSB security and some optional exit code. At the same time, various security definitions moved from the Stage1 SECURITY macro to IMS PROCLIB members DFSPBxxx and DFSDCxxx.

If you are on a supported release (V11, V12 or V13) and can see the JESMSGLG output from your IMS Control Region, look for this message "DFS1929I * IMS SYSTEM PARAMETERS ACTIVE".

DFS1929I messages that follow, will show you the values used for ISIS, RCF, RCLASS and SGN.

Once you have this information, you can use the IMS System Definition Reference for your IMS release, to interpret how RCLASS is used on your system.

OR...you could ask your IMS systems programmer to interpret these for you, in the context of the PSB you added and what you are trying to achieve.

In general, IMS appends a 1 character prefix to RCLASS and uses this as a RACF Class, when calling RACF to determine if you are permitted to READ a resource in that RACF Class. Depending upon your settings as displayed in the DFS1929I messages, that one character -could- be "A".

So for example, if RCLASS is IMQ and your PSB is called YOURPSB and your userid is USER1, your IMSQ system may be calling RACF to determine if USER1 has a minimum of READ permission for resource YOURPSB in CLASS(AIMQ).

You will need a RACF Security Administrator to help you, once you know what you need. Perhaps meet them both for coffee?
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> IMS DB/DC All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
No new posts S922 Error yuvan ABENDS & Debugging 3 Fri Dec 02, 2016 6:58 pm
No new posts Invoke Webservice Fails with DFHPI100... divated CICS 2 Thu Nov 24, 2016 5:57 pm
No new posts Error during restore rename archanamuthukrishnan All Other Mainframe Topics 2 Fri Oct 14, 2016 3:30 pm
No new posts Error IEC161I 052(009,XXXRS00)-084 wh... amitc23 JCL & VSAM 10 Wed Oct 12, 2016 5:00 pm
No new posts IDMS/DC-COBOL program - SNAP error wh... rakeshsekar1987 IDMS/ADSO 5 Tue Sep 13, 2016 8:28 pm


Facebook
Back to Top
 
Mainframe Wiki | Forum Rules | Bookmarks | Subscriptions | FAQ | Tutorials | Contact Us