« previous next »
Pages: [1]

Author Topic: OnDemand V9.5 arsload requires read acceess to CSFRNG and CSFIQA profiles  (Read 1766 times)

cmodpuser

  • Jr. Member
  • **
  • Posts: 42
    • View Profile
OnDemand V9.5 arsload requires read acceess to CSFRNG and CSFIQA profiles
« on: May 07, 2018, 12:10:56 PM »
I couldn't find this requirement documented anywhere, but when we upgraded OnDemand on z/OS fro V9 to V9.5
the AFP load jobs started getting this violations:
ICH408I USER(.......
  CSFRNG CL(CSFSERV )                           
  INSUFFICIENT ACCESS AUTHORITY                 
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
ICH408I USER(........
  CSFIQA CL(CSFSERV )                           
  INSUFFICIENT ACCESS AUTHORITY                 
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
Has someone else run into this?
We disabled SAF authorization checking for the CSFRNG services as recommended in
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.3.0/com.ibm.zos.v2r3.csfb300/ctlserv.htm
but it appears we will have to grant read access for CSFIQA profile to all userids that load AFP reports,

Logged

Ed_Arnold

  • Hero Member
  • *****
  • Posts: 1200
    • View Profile
Re: OnDemand V9.5 arsload requires read acceess to CSFRNG and CSFIQA profiles
« Reply #1 on: May 07, 2018, 12:37:56 PM »
9.5.0.3 introduced new encryption functions.

It's mentioned somewhat in this thread - follow all of the links.

9.5.0.3 Rollup for z/OS --- new function, extensive HOLD ACTION, LE Maint req'd

http://www.odusergroup.org/forums/index.php?topic=1734.0

Also, you might want to review this from the V9.5 Release Notes thread:

http://www.odusergroup.org/forums/index.php?topic=1543.msg8502#msg8502

Ed

Logged
#zOS #ODF
Pages: [1]
« previous next »