Security Read Access requirements for Autoproc with CA JCLCheck Workload Automation.

Document ID : KB000051704
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

When the CA JCLCheck WA "AUTOPROC" feature is enabled, a security call is made for each PROCLIB returned by JES. If READ access of a proclib fails, CA JCLCheck WA issues message "CAY6488W PROCLIB "data set name" NOT DEFINED. READ ACCESS DENIED BY SECURITY", and the proclib is omitted from allocation.

Solution:

CA JCLcheck WA must be given read-access authority to all input sources, including procedure libraries that are defined to the JES startup. If this is not feasible, and you do not want to see message CAY6488 issued, you may suppress it by applying usermod MZ2B023 from the CA JCLCheck WA SAMPJCL data set.

Also, to prevent the security message issued by the security application (ACF2, Top Secret, or RACF), use the following JCLCheck runtime option: SECURITY(NOPROG, NODASD, NOSTOR, NOMGMT, NOLOG). If the SECURITY option is already enabled, simply add "NOLOG" to the list of sub-options.