Ah-so! Thanks for your reply here. We've had to make some remediation to our CMOD RACF environment to cause OD to run NOTRUST,NOPASSWORD (aka, PROTECTED) to secure it based on STIG DISA PCI security standards. In doing so, we've created an anomaly in our JOBTRAC scheduling environment. A set of applications that run in our JOBTRAC scheduling environment submits these utility jobs for ARSLOAD from time to time and now they are failing.
--------------------------------------------------------------------------------------------
Scenario (A): job fails when JOBTRAC 'submits' the jcl with NO 'stash' file, no parameters (-u -p), and no //JOBCARD USER= PASSWORD= values. We get the following errors:
ARS1105E Userid or password is invalid
ARS1401I Unified login user id(123456794) user name(JOBTRAC)
ARS4318E Processing failed for file >/ars/tmp/915 (DD:INPUT-TEST.T
ARS1105E Userid or password is invalid
ARS1401I Unified login user id(123456794) user name(JOBTRAC)
--------------------------------------------------------------------------------------------
Scenario (B): job fails when JOBTRAC 'submits' the jcl with NO 'stash' file, no parameters (-u -p), and we DO include a //JOBCARD USER=ARSOCKDT (where ARSOCKDT is the CMOD server STC name on our zOS). We get these errors:
ICH408I USER(ARSOCKDT) GROUP(STCGROUP) NAME(ONDEMAND STC)
SUBMITTER(JOBTRAC )
LOGON/JOB INITIATION - SUBMITTER IS NOT AUTHORIZED BY USER
$HASP106 JOB DELETED BY JES2 OR CANCELLED BY OPERATOR BEFORE EXECUTION
We have NOT limited the JOBTRAC STC to a PROPCNTL Class in RACF, it (JOBTRAC) should be able to propagate authority to the submitted batch job with without USER= on the //JOBCARD (hence our puzzlement of Scenario (A) failure. Scenario (B) was a test to determine if SURROGAT Class may be required here (or not). I can't find any documentation on what ARSLOAD may require in a 'Unified Login Environment' within CMOD. Would you be able to test and determine in your lab?
Many thanks for your response!