OnDemand User Group
Support Forums => z/OS Server => Topic started by: cmodpuser on May 07, 2018, 12:10:56 PM
-
I couldn't find this requirement documented anywhere, but when we upgraded OnDemand on z/OS fro V9 to V9.5
the AFP load jobs started getting this violations:
ICH408I USER(.......
CSFRNG CL(CSFSERV )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
ICH408I USER(........
CSFIQA CL(CSFSERV )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
Has someone else run into this?
We disabled SAF authorization checking for the CSFRNG services as recommended in
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.csfb300/ctlserv.htm
but it appears we will have to grant read access for CSFIQA profile to all userids that load AFP reports,
-
9.5.0.3 introduced new encryption functions.
It's mentioned somewhat in this thread - follow all of the links.
9.5.0.3 Rollup for z/OS --- new function, extensive HOLD ACTION, LE Maint req'd
http://www.odusergroup.org/forums/index.php?topic=1734.0 (http://www.odusergroup.org/forums/index.php?topic=1734.0)
Also, you might want to review this from the V9.5 Release Notes thread:
http://www.odusergroup.org/forums/index.php?topic=1543.msg8502#msg8502
Ed