|
View previous topic :: View next topic
|
| Author |
Message |
sathyaraj
New User
Joined: 28 Sep 2007
Posts: 71
Location: India.
|
|
|
|
Hi All,
I am new to using IMS DB so please pardon my ignorance.
I am trying to run a BMP program in a batch job in one of our test regions. This job runs everyday in production without any issues. I used the production PSB source and did a PSBGEN using the IMS resources for the development region. Used the same DBDLIB from production. The job fails with the below error. Would this job use the ACBLIB? Its not hardcoded in the job but I understand that it can be picked up from the system defined libraries.
DFS2854A USERID ,S010 ,00016,0084-FAILED SECURITY CHECK. IMSQ
I am able to edit data in the test region with my ID in file manager which means that it could not be an issue with my ID. Can you please help? |
|
| Back to top |
|
 |
Ed Goodman
Active Member
Joined: 08 Jun 2011
Posts: 556
Location: USA
|
|
|
|
My manual reads:
084 IMS Resource is not authorized for this dependent region per SAF (RACF) check.
IMS can store a lot of info in the recon libraries. You may be attempting to update prod without realizing it. I say that because your job is trying to use a resource that the test region is not allowed to use.
BMP uses the region's psb/dbd/acb libraries as needed. You are really just running a transaction in the region. My BMP procs don't even HAVE DBD/PSB/ACB libraries in them.
So...find an existing BMP job from a test region, and use it. |
|
| Back to top |
|
|
sathyaraj
New User
Joined: 28 Sep 2007
Posts: 71
Location: India.
|
|
|
|
Thanks Goodman.
I just gave the PSB/DBD/ACB libraries in the steplib as I couldn't find which are the system libraries that the proc will refer to.
I could also see that the BMP is in NOTINIT status. Will try to start it.
Also I suspect AGN could be a problem. Can you please tell me where I can look for the AGNs defined/available for a particular region?
NB: This is the first job setup we are creating in this test region  |
|
| Back to top |
|
|
Ed Goodman
Active Member
Joined: 08 Jun 2011
Posts: 556
Location: USA
|
|
|
|
No offense, and I think you would agree, you're in over your head.
You really really really need to spend some time hunting down an existing BMP proc.
NOTINIT means that there was something missing when the region started. |
|
| Back to top |
|
|
Gary Jacek
New User
Joined: 17 Dec 2007
Posts: 64
Location: Victoria, BC, Canada
|
|
|
|
I agree with Ed. Finding an existing BMP proc is an excellent first step.
If your task does require a new PSB, then it appears you must also address the security issue.
In the case of your new PSB, your userid is not permitted for a resource in RACF, that is required to use the PSB.
Unfortunately, if you don't tell us what IMS version you are using, it is very difficult to give you an answer.
There were major changes in this area between IMS V9.1 and other releases up to IMS V13.1. The old AGN security went away, to be replaced by APSB security and some optional exit code. At the same time, various security definitions moved from the Stage1 SECURITY macro to IMS PROCLIB members DFSPBxxx and DFSDCxxx.
If you are on a supported release (V11, V12 or V13) and can see the JESMSGLG output from your IMS Control Region, look for this message "DFS1929I * IMS SYSTEM PARAMETERS ACTIVE".
DFS1929I messages that follow, will show you the values used for ISIS, RCF, RCLASS and SGN.
Once you have this information, you can use the IMS System Definition Reference for your IMS release, to interpret how RCLASS is used on your system.
OR...you could ask your IMS systems programmer to interpret these for you, in the context of the PSB you added and what you are trying to achieve.
In general, IMS appends a 1 character prefix to RCLASS and uses this as a RACF Class, when calling RACF to determine if you are permitted to READ a resource in that RACF Class. Depending upon your settings as displayed in the DFS1929I messages, that one character -could- be "A".
So for example, if RCLASS is IMQ and your PSB is called YOURPSB and your userid is USER1, your IMSQ system may be calling RACF to determine if USER1 has a minimum of READ permission for resource YOURPSB in CLASS(AIMQ).
You will need a RACF Security Administrator to help you, once you know what you need. Perhaps meet them both for coffee? |
|
| Back to top |
|
|
|
|
