Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
IRRH237E z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
IRRH237E The check-name check has found one or
more potential errors in the security controls for the resources specified
in this check. ExplanationThe RACF® security configuration check has found one or more potential errors with the protection mechanisms for the resources specified for this check. System actionThe check continues processing. There is no effect on the system. Operator responseReport this problem to your system security administrator and your system auditor. System programmer responseExamine the report that was produced by the check. Any resource which has an "E" in the "S" (Status) column has excessive authority allowed to the resource. That authority may come from a universal access (UACC) or ID(*) access list entry which is too permissive, or if the profile is in WARNING mode. If the resource is a data set and there is no profile, then PROTECTALL(FAIL) is not in effect. Any data set which has a "V" in the "S" (Status) field is not on the indicated volume. Remove these data sets from the list or allocate the data sets on the volume. Any data set which has an "M" in the "S" (Status) field has been migrated. If the "S" field contains an "E" or is blank, then blanks in the UACC, WARN, and ID(*) columns indicate that there is no RACF profile protecting the resource. Resources which do not have a RACF profile are flagged as exceptions, unless the resource is a data set and SETROPTS PROTECTALL(FAIL) is in effect for the system. If a valid user ID was specified as a parameter to the check, that user's authority to the resource is checked. If the user has an excessive authority to the resource, that is indicated in the USER column. Modules which are flagged in the ICHAUTAB report as exceptions must be either removed from ICHAUTAB or the module must be moved to a non-LPA location and the module protected by using Program Control. The users of this module should be limited to only those who are trusted to execute the program in the expected manner. Problem determinationNone. SourceModuleIRRHCR00 Routing codeN/A Descriptor codeN/A AutomationNone. Reference DocumentationNone. |
Copyright IBM Corporation 1990, 2014
|