APAR status
INTRAN
Error description
This informational APAR is intended to assist RACF customers in diagnosis of common problems involving the Program Control feature of RACF. These problems include MSGCSV025I and ABEND306 RC30 and RC34. RACF program control is intended to allow the control of user's access to specific programs. The security administrator can allow individual users or groups of users one of two access authorities to programs. If a user is given read authority they can read, copy and run the program. If they are given EXECUTE authority then they will be only allowed to execute the program and will not be able to copy it. Because EXECUTE access requires additional security it can be more difficult to implement. For either of the two ABENDs below the user must be certain that the SETR WHEN(PROGRAM) REFRESH is issued after changes are made to program class profiles. - ABEND306 RC30 ------------- If the customer experiences an ABEND306 RC30 it indicates that the user is not authorized to execute the program in the current environment. The most obvious reason for this type of failure is that the user is not authorized to execute the program because they are not on the access list of the program class profile. If, however, the user is on the access list of the program class profile there are a couple other cases where the user may still be denied access to the program. 1) The program could not be used in an unsafe environment. In this case the user has execute access to a protected program but there are other programs in the environment that are not protected and as such could be used to invalidly copy the execute only code. 2) The program can not create an unsafe environment. This will occur when the user has execute access to a program and using the indicated program would compromise the security of the execute only access of that user to the execute only code. For an example of this suppose that a user has execute access to PROGA and executes this program. If the user then subsequently uses PROGB which is unprotected perhaps the user could use PROGB to copy PROGA which is still available in storage. Since PROGB is not protected, RACF can not allow it to be used. If you are getting a RC30 on an ABEND306 and/or you are getting a CSV025I message you may wish to try using the trace identified in informational APAR II02901 to determine which modules are being used in the address space. You will need to set the trace and then recreate the problem. Typically this means that you will need to logoff, set the trace and logon again. You will want to check the RACF protection on any RACF protected modules and see if any of them have execute authority. Also, verify that none of the unprotected programs should be protected. - ABEND306 RC34 ------------- In this case a user is attempting to use a program while a program Accessed dataset is open. This may fail for a couple of reasons. 1) The program being used is not protected. In this case using an unprotected program might compromise the security of the open programmed accessed dataset. The use of the program is therefore failed. This problem may be circumvented by protecting the program in question. 2) The program being used is protected but the user/program combination is not on the conditional access list of an open program accessed dataset and at least one previously loaded program in the address space specified PADCHK. Since PADCHK requires all programs to be on the conditional access list while the dataset remains open the attempt to use this program was failed.
Local fix
Problem summary
Problem conclusion
Temporary fix
Comments
APAR Information
APAR number
II07733
Reported component name
V2 LIB INFO ITE
Reported component ID
INFOV2LIB
Reported release
001
Status
INTRAN
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
1994-03-23
Closed date
Last modified date
1994-03-23
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19N","label":"APARs - OS\/390 environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"001","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SG19M","label":"APARs - z\/OS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"001","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":null,"label":null},"Product":{"code":"SG19O","label":"APARs - MVS environment"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"001","Edition":"","Line of Business":{"code":"","label":""}},{"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Product":{"code":"SSSN3L","label":"z\/OS Communications Server"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"001","Edition":"","Line of Business":{"code":"LOB35","label":"Mainframe SW"}}]
Document Information
Modified date:
14 December 2020