OPSMVS Batch job running PGM=OPSRMT, security access

Document ID : KB000100609
Last Modified Date : 11/06/2018
Show Technical Document Details
Issue:
The OPSRMT command processor lets you issue a TSO command to other systems from an OPS/REXX program, a TSO/E REXX program, a CLIST, a TSO terminal, or from a console logged on to the CA OPS/MVS ECF component. 
The command can contain up to 255 characters.

Running PGM=OPSRMT under OPSOSF Service Task, with a specific User (for example USER=MVSUBMT) and having CA Top Secret Security Product active,  it is possible to get the following OPS error in the joblog of the above job submitted: 

+OPS3084W LOGON OF MVSUBMT FAILED, RC=X'00000004'

and  SYSLOG can contain the following CA TSS Error:

 TSS7100E 026 J=OPSOSF A=MVSUBMT T=SYSTEM F=TSO - Invalid Source

How to bypass it and correctly execute OPSRMT? 

 
Environment:
CA OPSMVS - CA Top Secret 
Resolution:
According to the  TSSMVS Message Guide, the error : 

TSS7100E 026 J=OPSOSF A=MVSUBMT T=SYSTEM F=TSO - Invalid Source

refers to CA Top Secret DRC026: 

026 (1A) 7171
                        Use of terminal or reader source not authorized
Reason:
                        ACID has SOURCE restrictions and this reader or terminal is not in the list.
Action:
                        TSS ADDTO/REMOVE(acid) SOURCE(reader)

 
So, it is necessary to issue the following command:

TSS ADD(MVSUMBT) SOURCE(SYSTEM)

in order to fix the security error.

 In addition, according to CA OPSMVS Security Guide, the involved User must also have TSO segment allowing OPER authority