Using the CONSOLE command to delete an individual message results in message SECU008E Command not authorized for CONSOLE xxxxxxxx ---

Document ID : KB000054043
Last Modified Date : 14/02/2018
Show Technical Document Details


You want to execute the CONSOLE command within CA SYSVIEW and then delete an individual message. But you are receiving a security violation message: SECU008E Command not authorized for CONSOLE xxxxxxxx ---


Things changed in this area in r12, and in the Installation Guide chapter 1 is this note:

The following z/OS resources have new actions that require new rules to validate their use as line commands.
Console Resource
New Action: DELETE
The CONSOLE command uses the DELETE action to validate the D line command for use by the CONSOLE resource.
The CONSOLE RELEASE subcommand uses the RELEASE action to validate the CONSOLE resource.

If external security is used the D line command requires a rule allowing the SV.RESN.CONSOLE.consolename.DELR entity and the RELEASE subcommand requires a command allowing the SV.RES.CONSOLE.consolename.RELR entity.
However, there is a bit more to do which isn't mentioned in that note.

By default all new commands/subcommands in a new release default to Fail so you need to update Security to allow those new functions.

So first get into CA SYSVIEW Security.
Select the ADMIN group (or whichever group applies in your case).
Select the Resource Section.
Select the Console Resource, i.e.
Cmd Resource Description
S     CONSOLE Consoles

Overtype the newresource, Access & Actions in the resulting display as shown below:

 Resource-Value                                   Access  Actions          
 Resource-Value                                   Access  Actions          
 =                                                   A      ALL                              

This will add all of the allowable Actions.

Then remove the ones that you do not wish to have, or simply keep them all. Just ensure that DELETE and RELEASE are among those that you keep.