Tape job receives s913-60 ABEND

Document ID : KB000029188
Last Modified Date : 14/02/2018
Show Technical Document Details

TITLE

Tape job receives s913-60 ABEND

DESCRIPTION

Tape job receives the following error messages.

IEC518I SOFTWARE ERRSTAT: RACFPROT dev,volser,SL,jobname,stepname 

IEC502E K dev,volser,SL,jobname,stepname                  
IEC150I 913-60,IFG0194F,jobname,stepname, ddname,dev,,dsname

 

SOLUTION

 

DFSMS provides additional security functions for tape data sets through the DEVSUPxx parmlib options.

DFSMSdfp can now issue RACROUTE in the DATASET class to enable tape data sets to be authorized in the same way that DASD data sets are authorized.

To help you implement the new tape data set security function of DFSMSdfp, additional options allow access to tape data sets that either CA ACF2 does not protect or you are not authorized to access. The TAPEAUTHRC4 and TAPEAUTHRC8 options allow you this control.

TAPEAUTHRC4 = { ALLOW|FAIL }
TAPEAUTHRC8 = { FAIL|WARN }

specifying TAPEAUTHRC4=FAIL will cause the above S913-60 abend to occur if the following default safdef is in use.... 

 DSNSVC19 JOBNAME=********   USERID=********   PROGRAM=********   RB=SVC019  
          RETCODE=4          SAFDEF=INTERNAL   MODE=IGNORE        SUBSYS=ACF2
          FUNCRET=4          FUNCRSN=0                                       
                                                                             
          RACROUTE REQUEST=AUTH,CLASS='DATASET'                              
                                                                             

This safdef causes return code 4 to be issued for the racroute request=auth that is issued by open/close/eov processing.

SMFID= ssss         TOD= 07:44:08.97    TRACEID= TEST       USERID= xxxxxxx
JOBNAME= xxxxxxx    ASID= 00B8          PGM= xxxxxxxx       CURR RB= SVC019
  SFR/RFR= 4/4:0      MODE= TASK          APF= AUTHORIZED     LOCKS= NONE 
  SAFDEF= DSNSVC19 INTERNAL MODE= IGNORE                                  
                                                                          
  RACROUTE REQUEST=AUTH,REQSTOR='TAPEOPEN',SUBSYS='OCEOV',                
           CLASS='DATASET',RELEASE=1.9,STATUS=ERASE,ATTR=UPDATE,          
           DSTYPE=N,ENTITY=('dataset.name.on.tape'),                      
           FILESEQ=0,GENERIC=ASIS,LOG=ASIS,MSGSP=0,TAPELBL=STD,           
           VOLSER='vvvvvv',WORKA=                                         

 

If you specify TAPEAUTHRC4=ALLOW the validation will be allowed and then the standard ACF2 intercept will continue to validate the request correctly.

There is no need to fail the racroute request with TAPEAUTHRC4=FAIL  because standard ACF2 processing will validate the access after the racroute request.