Troubleshooting
Problem
When you startup CICS, you receive the following messages and abend:
CSV244I CSV UPDATE ACCESS DENIED. USER= CLASS=FACILITY RESOURCE=CSVLLA.SYS1.SCEERUN
DFHLD0001 An abend (code 023/AKEB) has occurred at offset X'30B0' in module DFHLDLD1
CSV244I CSV UPDATE ACCESS DENIED. USER= CLASS=FACILITY RESOURCE=CSVLLA.SYS1.SCEERUN
DFHLD0001 An abend (code 023/AKEB) has occurred at offset X'30B0' in module DFHLDLD1
Cause
The CICS region system initialization table (SIT) parameter LLACOPY is set to YES. Therefore, the CICS region user ID is issuing an MVS library lookaside (LLA) operator command but it does not have sufficient authority for the command to be run.
Diagnosing The Problem
If using RACF you will also receive message:
ICH408I USER(CICSXXXX) GROUP(STC ) NAME(CICS ) 311
SYS1.SCEERUN CL(DATASET ) VOL(XXXXXX)
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ )
FROM SYS1.SCEERUN (G)
If using CA ACF2 you will receive message:
ACF99913 ACF2 VIOLATION-04,09,CICSXXXX,A4AR11,SYS1.SCEERUN,N/A
ICH408I USER(CICSXXXX) GROUP(STC ) NAME(CICS ) 311
SYS1.SCEERUN CL(DATASET ) VOL(XXXXXX)
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ )
FROM SYS1.SCEERUN (G)
If using CA ACF2 you will receive message:
ACF99913 ACF2 VIOLATION-04,09,CICSXXXX,A4AR11,SYS1.SCEERUN,N/A
Resolving The Problem
Authorize the CICS region's user ID as described in the CICS TS documentation topic Authorizing access with the MVS library lookaside (LLA) facility:
In this case, the datasetname is SYS1.SCEERUN. This also applies to any other load-module libraries in the DFHRPL concatenation that are controlled by the MVS LLA facility.
If you are using the library lookaside (LLA) facility of MVS™, you can control a program's ability to use the LLACOPY macro.
Authorize the CICS® region's userid in one of the following ways:
- It must have UPDATE authority to the data set that contains the LLA module.
- It must have UPDATE authority in the FACILITY class to the resource CSVLLA. datasetname, where datasetname is the name of the library that contains the LLA module. For example
RDEFINE FACILITY CSVLLA.datasetname UACC(NONE) NOTIFY
PERMIT CSVLLA.datasetname CLASS(FACILITY) ID(....) ACCESS(UPDATE)
In this case, the datasetname is SYS1.SCEERUN. This also applies to any other load-module libraries in the DFHRPL concatenation that are controlled by the MVS LLA facility.
[{"Type":"MASTER","Line of Business":{"code":"LOB35","label":"Mainframe SW"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGMGV","label":"CICS Transaction Server"},"ARM Category":[{"code":"a8m0z00000007YsAAI","label":"Security"}],"ARM Case Number":"","Platform":[{"code":"PF035","label":"z\/OS"}],"Version":"5.4.0;5.5.0;5.6.0;6.1.0"}]
Product Synonym
CICS/TS CICS TS CICS Transaction Server
Was this topic helpful?
Document Information
Modified date:
03 January 2023
UID
swg21177687