How to determine why external security is not working for CA-View 2.0

Document ID : KB000055350
Last Modified Date : 14/02/2018
Show Technical Document Details

External security is invoked if either the ACF2 or RACF SARINIT parameter are equal to the high-level qualifier used for the external security package security rules. If you are a CA-ACF2 site, make sure the SARINIT parameter is set to the high-level qualifier used in the ACF2 rules for View. If you are a CA-TOPSECRET or RACF site, make sure the RACF SARINIT parameter is set to the high-level qualifier used in the TOPSECRET or RACF rules.

SARSECUX, View's security exit may be used without any customization. The exit will make RACROUTE calls to whatever external security package you have based on which SARINIT parameter (ACF2 or RACF) you have specified.

To determine why external security may or may not be allowing authorization, you will need to alter SARSECUX to display trace messages. Look for the following two lines in your SARSECUX source found in VIEW.CAISRC library.

* REMOVE COMMENT FROM WTO TO CAUSE DIAGNOSIC MESSAGES TO BE WRITTEN
* WTO MF=(E,WTOAREA)

Remove the comment (*) from the WTO MF=(E,WTOAREA) statement. Create a usermod job by copying HA20SE04 from the PPOPTION library and tailoring it to assemble and re-link the SARSECUX exit.

You will now see trace messages written to your terminal or in the message log. These messages will show what RACROUTE statement was sent to the external security package and the return code sent back to the View SARSECUX exit. This message should help you determine why your external security system is allowing or denying access to the View database and its reports.