I am new to using IMS DB so please pardon my ignorance.
I am trying to run a BMP program in a batch job in one of our test regions. This job runs everyday in production without any issues. I used the production PSB source and did a PSBGEN using the IMS resources for the development region. Used the same DBDLIB from production. The job fails with the below error. Would this job use the ACBLIB? Its not hardcoded in the job but I understand that it can be picked up from the system defined libraries.
My manual reads:
084 IMS Resource is not authorized for this dependent region per SAF (RACF) check.
IMS can store a lot of info in the recon libraries. You may be attempting to update prod without realizing it. I say that because your job is trying to use a resource that the test region is not allowed to use.
BMP uses the region's psb/dbd/acb libraries as needed. You are really just running a transaction in the region. My BMP procs don't even HAVE DBD/PSB/ACB libraries in them.
So...find an existing BMP job from a test region, and use it.
Joined: 17 Dec 2007 Posts: 59 Location: Victoria, BC, Canada
I agree with Ed. Finding an existing BMP proc is an excellent first step.
If your task does require a new PSB, then it appears you must also address the security issue.
In the case of your new PSB, your userid is not permitted for a resource in RACF, that is required to use the PSB.
Unfortunately, if you don't tell us what IMS version you are using, it is very difficult to give you an answer.
There were major changes in this area between IMS V9.1 and other releases up to IMS V13.1. The old AGN security went away, to be replaced by APSB security and some optional exit code. At the same time, various security definitions moved from the Stage1 SECURITY macro to IMS PROCLIB members DFSPBxxx and DFSDCxxx.
If you are on a supported release (V11, V12 or V13) and can see the JESMSGLG output from your IMS Control Region, look for this message "DFS1929I * IMS SYSTEM PARAMETERS ACTIVE".
DFS1929I messages that follow, will show you the values used for ISIS, RCF, RCLASS and SGN.
Once you have this information, you can use the IMS System Definition Reference for your IMS release, to interpret how RCLASS is used on your system.
OR...you could ask your IMS systems programmer to interpret these for you, in the context of the PSB you added and what you are trying to achieve.
In general, IMS appends a 1 character prefix to RCLASS and uses this as a RACF Class, when calling RACF to determine if you are permitted to READ a resource in that RACF Class. Depending upon your settings as displayed in the DFS1929I messages, that one character -could- be "A".
So for example, if RCLASS is IMQ and your PSB is called YOURPSB and your userid is USER1, your IMSQ system may be calling RACF to determine if USER1 has a minimum of READ permission for resource YOURPSB in CLASS(AIMQ).
You will need a RACF Security Administrator to help you, once you know what you need. Perhaps meet them both for coffee?