Using panel 3.3.1 in CA-Auditor to select A for external Security rules, get a failure on the R_admin callable service running Top Secret.

Document ID : KB000055031
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

Using the CA-Auditor product, panel 3.3.1 to display Standard Exits, and selecting option A for external security, I am getting a failure.

The error message is as follows:

R_admin callable service SAFRC 8 ESMRC 8 ESMRSNC 20, please contact support

I am running Top Secret as my external security package.

Solution:

From the RACF Callable Services manual (z/OS 1.6), an 8:8:20 for R_admin indicates the function is not supported for problem state caller.

You need to allow access to IBMFAC(IRR.RADMIN) for the user.

Right now TOP SECRET is passing a RC 4 on the IRR.RADMIN security call because it is not defined(owned) by TOP SECRET.

If they define(own) it to TOP SECRET, it will be considered a TOP SECRET protected resource and will receive RC 8 if the user is not PERMITted to the resource.

So, if they own it, they will need to PERMIT it to all acids that need access to it including the CA-Auditor Started Task.

Example:

TSS ADD(acid) IBMFAC(IRR.RADMIN) to own it.
TSS PER(acid) IBMFAC(IRR.RADMIN) ACC(accesslevel) to permit it.

You might also consider a permit to ALL record initially...

TSS PER(ALL) IBMFAC(IRR.RADMIN) ACC(READ) ACTION(AUDIT)

This will ensure that no one is denied access, and, will cut an OK+A record to the audit file, so you can track who may actually access the resource.... And, then go with specific permits, at the user, or profile level.