Example: CPU Validation During TSO Logon
TSS‑F‑0000 NLSMPK NLSMPK T U4000 G/0000000000,00000000 L/00A002 F/04000F20,000800,0001,000000 TSS‑1 000000 0000000000 T/0000000000 CPU.XA81 TSS‑2 830000 R/108A00 S/000100,02002000 T0001013 A/010080 P/IKJEFLC, B512, ,IDJEFLA F/80C20600
TSS‑F indicates RACROUTE REQEST=FASTAUTH validation.
Return code 00 and no violation (00).
ACID and jobname both NLSMPK.
T indicates TSO.
U indicates Abstract.
4000 shows Warn MODE.
Logging indicates Log=None (normal for CPU check by CA Top Secret).
Resource is CPU.XA81.
SVC in control is 83 (Racinit).
User (ACID) is defined. ACID has TRACE and CONSOLE attributes.
Terminal is T0001013. Program in control is TSO scheduler (IKJEFLC), running.
Facility using LastUsed and Status, RndPw, WarnPw options.
Example: Password Violation during TSO Logon
TSS‑I‑0809*NLSMPK NLSMPK T 4000 G/0000000000,00000000 L/F01001 F/00000330,400000,0081,000040 TSS‑1 000000 0000000000 T/1100000015 TSS‑2 008000 R/108A00 S/000100,02002000 T0001013 A/010080 P/IKJEFLC B512, ,IDJEFLA F/80C20600
TSS‑I shows initiation call. Real return code passed to TSO (*).
Return code violation code is 09.
Logging indicates violation, forced logging, real return and event being audited.
Flags indicate password violation.
Trace (11) shows password required but not validated.
Example: Reader Access Violation for Batch Job
TSS‑I‑1C88 NLSMPK BJOB2 B TERMINAL 4000 G/0000000000,00000000 L/801001, F/00000330,000000,0081,000040 TSS‑1 000000 0000000000 T/0100000015 R5.R1 TSS‑2 008000 R/108A00 S/000100,02002000 T0001013 A/010080 P/IEFIIC , B512,IEFIB600,IEESB605 F/80C00400
Another initiation call. Return code passed to initiator is 00, but would be 1C if this had been a real failure instead of a warning.
Violation is 88 (136).
B indicates Batch facility.
TERMINAL indicates batch job performing reader violations.
Trace (01) shows required password has been validated.
Source of origin is remote 5.
Program in control is the initiator.
Example: Authorized Access to data set
TSS‑C‑0000 NLSMPK LINKMVS B DATASET 4081 G/0009080906,00202000 L/100002 F/00000320,000000,0021,000040 TSS‑1 60FF10 0000000000 T/0000090001 SRVC01 SYS2.TSS.TEST.LOAD TSS‑2 160000 R/108A00 S/000180,02002000 INTRDR A/0100A0 P/IEWL , 0B22, ,IEFIIC F/80C00400
Job LINKMVS has accessed SYS2.TSS.TEST.LOAD for update access (60).
ACID NLSMPK has All access (FF).
Algorithm data shows access allowed (00).
Ninth data set permission in user record.
Data set rule had a permission of length nine (actually, SYS2.TSS.), volume rule had six characters (SRVC01).
Open‑J was in control (16).
Example: Failure Due to Bad Access Level with ACTION(FAIL)
TSS‑D‑0866*NLSMPK NLSMPK T DATASET 20A0 G/08070A1106,00202080 L/B00002 F/00000330,000000,0021,000040 TSS‑1 486010 0000000000 T/0000010801 STRG02 NLSMPK.SYSLOG.DATA TSS‑2 1E0000 R/108A00 S/440180,02002000 T0001013 A/0100A0 P/RENAME 3512, ,IKJEFT09 F/80C20600
A real return code of 08 (*) was passed to the rename (1E) SVC.
66 indicates wrong access level attempt. T DATASET shows TSO and data set resource.
A0 indicates RACFIND=NO (no RACF bit).
Algorithm shows access illegal (08), seventh data set rule, tenth volume rule.
Action is FAIL (80), which changes running mode to FAIL (20) for this event.
TSO command is RENAME, running directly under the TMP (IKJEFT09).
Example: Job Submission (Authorized)
TSS‑C‑0000 NLSMPK NLSMPK T ALT‑ACID 4081 G/0000000000,00000000 L/100002 F/00000330,000800,0021,000040 TSS‑1 400000 0000000000 T/0000000001 NLSMPK TSSRACL TSS‑2 000000 R/108A00 S/440180,02002000 T0001013 A/0100A0 P/IKJEFF04, 3122, ,IDJEFF76 F/80C20600
TB indicates job submission (B) from TSO (T).
ACID for job TSSRACL is NLSMPK.
Submit command (IKJEFF04) was used.
Example: Program Violation
TSS‑F‑0888 IMSRG2 IMSB S PROGRAM 4000 G/0000000000,00000000
L/802002 F/04000720,000800,0001,000040
TSS‑1 000000 0000000000 T/0000000400 DFSFDLD0
TSS‑2 2A0000 R/108A00 S/000180,02000000 A/0100A0 P/DFSXDSP0,0B22,
,DFSMVRC0 F/80C00000
Here a program (DFSXDSP0) which is running as started task IMSB is attempting to access program DFSFDLD0.
0888 indicates resource not accessible.
S PROGRAM shows STC with program check.
4000 shows WARN MODE, therefore the security driver receives a real return code (0) and continues normally.
Example: CICS Transaction Violation
TSS‑F‑0888*DANTEST CICS50 K LCF 2000 G/0000000000,00000000 L/A02002
F/04000720,000800,0001,000040
TSS‑1 000000 0000000000 T/0000000400 CSMT
TSS‑2 000000 R/108A00 S/200180,0A008800 T0001008 A/01B0A0 P/DFHSIP,0B23 ,
,IEESB605 F/16C21500
TSS‑F is a FRACHECK‑processed CICSTEST,LCF (K LCF) event.
0888* indicates that a real return code was passed back to CICS because the ACID is in FAIL MODE (20).
Example: CICS Resource Violation
TSS‑F‑0888*DANTEST CICS50 K PPT 2000 G/0000000000,00000000 L/A02002 F/04000720,000800,0001,000040 TSS‑1 000000 0000000000 T/0000000400 DFHEMTP TSS‑2 000000 R/108A00 S/200180,0A008800 T0001008 A/01B0A0 P/DFHEMTP, 3 0B23, ,IEESB605 F/16C21500
A real violation again (*) for PPT (Q) resource DFHEMTP.
|
Copyright © 2014 CA Technologies.
All rights reserved.
|
|