CA 1 health checks fail if using RACF.

Document ID : KB000013869
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

I am running CA 1 and have some of the security options set to YES.  I also run RACF for security and have defined the 2 CLASSes for CA 1 of CA@APE and CA@MD.  Why are the health checks failing with the following messages:

CA1_VRFY_SECURITY_PROFILE_CMD    CA_1             ACTIVE(ENABLED)    EXCEPTION-LOW 

CA1_VRFY_SECURITY_PROFILE_TAPE   CA_1             ACTIVE(ENABLED)    EXCEPTION-HIGH 

 

 

Environment:
CA 1 14.0RACFCA Common Services 14.1
Answer:

Within the JCL for CAIRIM you need to have a CAIRACF DD that points to a data set with a translation table for the classes used by CA 1.  The 2 entries are:

RACFCLASS CACMD,CA@MD,FASTAUTH=NO 
RACFCLASS CATAPE,CA@APE,FASTAUTH=NO 

 

If CAS9 starts before RACF you will also need to change the CARIMPRM entry for CAIRIM to be:

PRODUCT(CAIRIM) VERSION(CAS9) INIT(CAS9INIT) PARM(SSF(RACF)) 

If you don't include the PARM the operator will be prompted to enter the name of the security product that you use.  For more information please check the install guide for CA Common Services for z/OS.