If you get this:
ICH408I USER(ARSSERV2) GROUP(ODCMARS ) NAME(XXXXXXXX) 353
353 CSFIQF CL(CSFSERV )
353 INSUFFICIENT ACCESS AUTHORITY
353 FROM * (G)
353 ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
The reason is:
One of the enhancements with OnDemand 8.5 is the encryption of passwords
with AES-128, both over the wire and in the OnDemand data base. This
gets done automagically if CSF is available and providing AES-128
service.
How does OnDemand find out if AES-128 is available? It calls CSFIQF -
ICSF Query Facility callable service. It turns out that even though
it's a query type service, you can lock it down via RACF. We use CSFIQF
and must be permitted to it.
OnDemand will get along just fine without the permission but you will
get error messages from RACF, and OD will use the pre 8.5 methods on the
passwords over the wire and in the data base.
