Why is one of my two Sysview PMO for DB2 for z/OS (IDB2) data collectors encountering the failure: PTT1130E UNAUTHORIZED REQUEST. PLAN SECURITY CHECK FAILED FOR PLAN PTTFPLAN RC=00000004-00080008 DBG72034I DIW2 when cancelling a thread via PTT?

Document ID : KB000012435
Last Modified Date : 14/02/2018
Show Technical Document Details
Introduction:

The customer has a DB2 data sharing group. The IDB2 Data Collector for one member of the data sharing group is not able to cancel threads that

encounter an IQL exception. The IDB2 Data Collectors reside on different LPARS, but have the same exact SYSCTRL authority, and each IDB2 Data

Collector's Userid has execute access to the PTT (Thread Terminator) plans (including PTTFPLAN).  The failure exists even when the PTTFPLAN has been

granted execute authority to Public.

The one IDB2 Data Collector can successfully cancel threads, but the other encounters:

PTT1130E UNAUTHORIZED REQUEST. PLAN SECURITY CHECK FAILED FOR PLAN PTTFPLAN RC=00000004-00080008 

PTT API RETURNED RC= 8 RSN= 8 

Question:

Why does one of my IDB2 Data Collectors encounter the following failure when it tries to cancel a thread due to exception processing? 

PTT1130E UNAUTHORIZED REQUEST. PLAN SECURITY CHECK FAILED FOR PLAN PTTFPLAN RC=00000004-00080008 

PTT API RETURNED RC= 8 RSN= 8 

Environment:
IDB2 r18, DB2 v11.1, Top Secret
Answer:

Review of the Xmanager's joblog (residing on the same LPAR as the Data Collector encountering the failure), the following Top Secret error message was

found:  TSS7100E 006 J=PTXMANI2 A=IDB2DIW2 T=N/A F=PTXMAN - Facility Not Authorized PXM0315 RACROUTE VERIFY FAILED SAFRC=X'0008'  

            RC=X'001C'  RS=X'00000000' USER=IDB2DIW2 PLAN=PTTFPLAN 

The Xmanager needs to be properly configured to CA Top Secret.

Using CA Top Secret™ as your security system, you must assign the Xmanager started task to a facility and grant access to the facility to all product users

(including Userid's associated with products like Sysview (IDB2)). 

Review and execution of the External Security setup between the Xmanager and CA Top Secret will prove corrective to this failure condition. 

https://docops.ca.com/ca-database-management-solutions-for-db2-for-z-os/18/en/installing-ca-database-management-products/completing-post-installation-configuration/executing-product-specific-tailoring/how-to-customize-xmanager/review-external-security-considerations