Why am I receiving a temporary dataset allocation error message C1A0010E from CA Endevor Software Change Manager during processor execution?

Document ID : KB000036223
Last Modified Date : 14/02/2018
Show Technical Document Details

Question:

During the execution of my processor, Endevor fails to allocate any temporary dataset with a DISP=(MOD,PASS). 
We use the same commented ENCOPTBL parameter (* ENHOPT DS_INTERNAL_TEMP=ON) in both v16 and v17.
However, the same temporary dataset was previously allocated successfully. .

The Joblog displays the following RACF error message: 

ICH408I USER(userid  ) GROUP(groupid  ) NAME(user name      )  017
    017               SYSyyqqq.Thhmmss.RA0.jobname.tempfile CL(DATASET ) VOL(volser)
    017               DEFINE - RESOURCE NOT PROTECTED

Endevor issues messages from C1MSGS1;

C1A0010E  ALLOCATION ERROR RC=970C-4274, DDNAME=                                                                
C1A0011E  IKJ56894I DATA SET SYSyyqqq.Thhmmss.RA0.jobname.tempfile NOT ALLOCATED+                                   
C1A0012E  IKJ56894I STORAGE MANAGEMENT SUBSYSTEM DETECTED AN ERROR, EITHER MESSAGES WERE NOT REQUESTED OR A SYST

Answer: 

You have to check this situation with your SAF Security product administrator and check the RACF OPTION PROTECTALL.
The issue comes from the DISP=(MOD,PASS) coded to allocate temporary file &&tempfile in a step. The RACF OPTION PROTECTALL requires temporary files to be ra000 but Endevor create them as ra0.
Since DISP=MOD is not supported for a SVC99 allocation, Endevor will allocate those datasets as a permanent file.
 
A possible workaround is to enable the optional feature (ENHOPT DS_INTERNAL_TEMP=ON) in the ENCOPTBL table.
Additional options are to either avoid using a DISP=MOD or setting the C1DEFLTS parm MODHLI to specify a HLQ that can be allocated.

 

Additional Information:

Please see technical document TEC494236  "Naming rules for Temporary Datasets within Endevor processors." for further information.

You can also refer to the RACF OPTION PROTECTALL in your IBM documentation.