CA Datacom MUF startup DB00205E error 1076

Document ID : KB000097872
Last Modified Date : 06/07/2018
Show Technical Document Details
Issue:

CA Datacom MUF startup fails with error:

DB00205E - MULTI-USER ERROR - 1076  

This occurs when using external security and the SECURITY MUF startup parameter has been coded.

Other 10nn errors are possible depending on the path and class causing the error, 1050,1051, 1054, 1055, 1077, 1082,1083, 1086 and 1087.

Cause:

The 1076 error means the DBxxRAT parameter chosen for the MUF startup option SECURITY is not allowed by external security.

To externally secure a path and class, a DTSYSTEM resource class needs to be defined for each path and class and permission denied to the MUF userid. The resource name is cxxname.path-and-class.

If the resource definition is missing or if access is allowed it will return the 1076 error.

Other 10nn errors are possible depending on the path and class causing the error, 1050,1051, 1054, 1055, 1077, 1082,1083, 1086 and 1087.

Normally external security messages of the DTSYSTEM resource checks are suppressed in the MUF.
Add the following option to the MUF startup parameters to not suppress the security messages:

DIAGOPTION 5,4,ON

This will show all the external security messages during startup.

Another problem that can cause this for RACF is the CAS9 resource translation table was not modified. It needs to be modified to change the DTSYSTEM name used by Datacom to the RACF name DT@YSTEM.

 

Resolution:

Check that the resource definition for the path and class combination has been defined and access is denied to the MUF userid or to all userids. 

For example, if the following is coded in the MUF startup:

SECURITY DBDCSCI,DBDCSCQ,DBDCRCI,DBDCRCQ,DBDCRAQ,DBDCSSR
SECURITY DBDCRSR,DBDCSQL,DBDCSQQ,DBDCRAT

Then the following security definitions are needed:


RACF

RDEFINE DT@YSTEM cxxname.DBDCRAT UACC(NONE)

CA ACF2

$KEY(cxxname) TYPE(DTS) 
DBDCRAT UID(*) PREVENT


CA Top Secret

TSS PER(ALL) DTSYSTEM(cxxname.DBDCRAT) ACCESS(NONE)

The above security rule needs to be  coded for each of the path and class combinations specified in the SECURITY card, DBDCSCI, ,DBDCSCQ etc. In this case 10 security rules are needed.

Alternatively, define a generic resource rule to secure all paths and classes like this: 


RACF

RDEFINE DT@YSTEM cxxname.DBDC* UACC(NONE) 


CA ACF2

$KEY(cxxname) TYPE(DTS) 
DBDC- UID(*) PREVENT


CA Top Secret

TSS PER(ALL) DTSYSTEM(cxxname.DBDC*) ACCESS(NONE)


Note  the resource definition name used for RACF is DT@YSTEM instead of DTSYSTEM. This requires modification of the CAS9 resource translation table to translate the resource name DTSYSTEM used by Datacom to  DT@YSTEM. 
For CA Common Services (CCS) Version 14.1 and above this is done in the CAS9 startup JCL with a CAIRACF DD statement. 
For CCS releases prior to 14.1 the CAS9SAFC source needs to be modified and then reassembled and linked.
 

Additional Information: