BCPII INSUFFICIENT SAF RESOURCE ACCESS AUTHORITY

Document ID : KB000012589
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

When trying to implement BCPII we have come across the following issue:

IXC104I SYSTEM STATUS DETECTION PARTITIONING PROTOCOL ELIGIBILITY:
SYSTEM CAN TARGET OTHER SYSTEMS.
SYSTEM IS NOT ELIGIBLE TO BE TARGETED BY OTHER SYSTEMS.
REASON: INSUFFICIENT SAF RESOURCE ACCESS AUTHORITY

 

Answer:


PERMIT the ALL record the following:

TSS PER(ALL) IBMFAC(HWI.TARGET.IBM390PS.) APPLDATA(BCPII) ACC(READ) 

The PERMIT must be on the ALL record because BCPII issues the FASTAUTH call in 'Cross Memory' Mode. 

Because its in cross memory mode, TSS doesn't build an ACEE, so there is no acid associate for the call and failing it causing BCPII not to initialize.

Permitting it to the ALL record allows the security check to pass and BPCII to successfully initialize. We see no security risk Permitting this resource to the ALL record because of hierarchical security checking in BCPII.