In CA View, there could be times when an "Authorization Failed" message will appear. Below are conditions when it could occur, with a corresponding solution:
. For situation analysis, for a short time set SARINIT FEATURE=1, for security diagnostics.
If an "Authorization Failed" message appears, you will see the following diagnostic messages:
SARATH92 AUTHORIZATION FAILED userid UNDER interface RC=xx.xx.xx
SARATH92 CLASS=class ENTITY=resource entity
Reason: Userid is not authorized to access the requested resource
for the specified CLASS and ENTITY value.
Action: Consult with your security administrator or systems programming
group to determine the reason why the authorization was not granted.
. An "Authorization Failed" message can appear in the following instances, when attempting to browse reports in CA View:
. If there is a customized SARSECUX exit in use:
. Review the coding of the exit, as a modified exit may be keeping the security from working properly.
. If there was a change in a user's security profile:
. Review the profile, to determine the nature of the change that lost any security access.
. If, in external security, the resource class CHA1VIEW is not raclisted.
. If there are specific external security rules in use:
. Review the SARINIT parms SECID=... and SECURITY=....
If SECURITY=EXTERNAL, then SECID=... is the first node of the security rules that are in use for the database.
The following View native security rules can be used for browsing reports:
secid.VIEW.000.* or secid.VIEW.*
Review rules similar to the above, to make sure that they have been entered correctly.
. It could be that the user does not have the proper level of access. Even with a report browse, a user is making an update to the database.
. If received when using ROSCOE and RACF:
. See if the failure can be repeated when accessing the same report through TSO.
If the failure is repeated, it could be due to a modified SARUSRUX exit. Review the coding of the exit.
. If CA Deliver is used, it may be due to a Report Definition, with Distribution IDs with setting of "Y" for Rview.
The "Y" setting indicates a user has restrictedviewing privileges. A setting of "N" will lift the restriction.
. If basic SARINIT security settings are used (SECLIST=NONE in particular), there is no enhancement to performance using FASTAUTH security calls.
The SARINIT setting for FASTAUTH calls is FEATURE=4, so it may be advised to remove 4 from the SARINIT FEATURE settings.