Define Security for jobs submitted from the SAMS address space

Document ID : KB000016410
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

If security is not properly defined, an error message like, "LOGONID NOT VALID FOR SUBMISSION BY PROGRAM - ..." will be displayed.

Question:

How to Define Security for jobs submitted from the SAMS address space 

Answer:

The program submitting the job is not a "SAM" and there is a difference
which subsystem is submitting.
  
The following table is valid in the case of this error message:
LOGONID NOT VALID FOR SUBMISSION BY PROGRAM - OBJECTSV
 
This means that the GOA submitting the job and the Program that needs the security profile
defined is ENINTRD.  In the case of PC Windows Client or for 3270 Scripts the program is GENINTRD.
  
Mother......INTRDR
TCB..........Program......Functions that Submit
--------------------------------------------------
EWSAPPL...GENINTRD PC Windows Client and GMI
SSM3LU2...GENINTRD View/3270 Client and GMI
OBJECTSV..ENINTRD  General Object Automation (GOA)
SBTSUB....GENINTRD Script Layer, DSGroup Threshold, EOJ Service
TSCHEDS...GENINTRD Scheduled Vol Defrags and Vol/StgGroup
  
The table and more info is available here...
https://docops.ca.com/ca-vantage-storage-resource-manager/14-0/en/installing/startup-configuration/perform-initial-startup
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The topic: Security - Maintaining Security when Automation Submits Jobs, is important in this case.
RACF and TOP secret have different behavior.
  
With RACF and CA TopSecret, the adding of LOGONID is automatically done to the job when the job is submitted.
(The logon ID and password associated with the CA Vantage started task.) 
 
CA ACF2 has a different behaviour.  ACF2 is not adding LOGONID to job.
Instead, a special logon ID should be created for these submitted jobs.
The model JCL references it in either a //*LOGONID logon ID statement or the USER=logon ID parameter of the JOB statement.
 
This is why the problem "ACF01009 LOGONID" occurs submitting the job even though the program is defined in security.
Top secret and RACF do this automatically. 
 
All is described here in section Security - Maintaining Security when Automation Submits Jobs
 https://docops.ca.com/ca-vantage-storage-resource-manager/14-0/en/using/job-submission-and-substitution#JobSubmissionandSubstitution-SecurityServices