CA CEVM signon getting LDP7005E error for entity CEM.POLICY.ACTION with SAF=4/4/0
Document ID :
Last Modified Date :
Show Technical Document Details
CA Compliance Event Manager
CA COMPLIANCE MANAGER FOR Z/OS:CACMGR
After installation of CA Compliance Event Manager, the first signon is getting 'Other LDP7005E User U201814 denied access to class CACEM, entity CEM.POLICY.ACTION, access level READ, SAF=4/4/0', what causes this error?
The error 'Other LDP7005E User U201814 denied access to class CACEM, entity CEM.POLICY.ACTION,
access level READ, SAF=4/4/0' return codes indicate the following:
RACROUTE return codes:
04 Requested function could not be completed. No RACF decision.
04 The specified resource is not protected by RACF. If PROTECTALL is active, no profile is found, and the user ID whose authority was checked does not have the SPECIAL attribute, RACF returns a return code X'08' instead of a return code X'04' and denies access.
00 One of the following has occurred:
There is no RACF profile protecting the resource.
RACF is not active.
Specified class is not in the RACF class descriptor table.
Specified class (other than DSNR) is not active.
Specified class requires SETROPTS RACLIST option to be active and it is not.
CLASS TEMPDSN was active and the data set is a temporary data set. REQUEST=AUTH Chapter 3. System Macros 43
A userid of *BYPASS* has been passed on the authorization check. No profile checking will occur.
Verified that the following RACROUTE AUTH call is issued from the CEMELDAP server for the CEM.POLICY.ACTION resource:
JOBNAME: CEMELDAP USERID: CEMSTC
PROGRAM: BPXPTATT RB CURR: BPXPTATT APF: YES SFR/RFR: 4/4:0
Based on the RACROUTE call and the return codes it is recommended checking with the RACF security administrator to verify the above possible causes that may have occurred.
Was this information helpful?