Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
ICH427I z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
ICH427I NON-MAIN PROGRAM IS IN CONTROL. TEMPORARY USE OF CONDITIONAL
ACCESS LIST ALLOWED FOR DATA SET dsname ExplanationThe profile that protects the data set has a conditional access list that would grant access by way of the WHEN(PROGRAM) if BASIC PGMSECURITY was in effect. However, ENHANCED PGMSECURITY is in effect and the environment was established by a program that did not have the MAIN attribute. This would normally cause RACF® to reject use of the conditional access list entry, but RACF allowed it because the administrator enabled WARNING mode for ENHANCED PGMSECURITY. This access fails if the administrator instead enabled ENHANCED mode of PGMSECURITY. System actionRACF allows the requested access, but issues the warning message. Routing code9 and 11 Descriptor code6 RACF Security Administrator ResponseOr user Response: Verify that the first program executed in this execution environment (jobstep, or specified on TSOEXEC command or by way of the IKJEFTSR service) has a PROGRAM profile that specifies the MAIN attribute. If not, redefine the program to have MAIN, if it is a program that you trust to maintain the environment properly for using conditional access, or change the way you invoke the program (for example, under TSO consider invoking the program by using the TSOEXEC command), or change the option to BASIC PGMSECURITY mode, or define the program as one that needs BASIC PGMSECURITY mode by defining it with a specific PROGRAM profile that has an APPLDATA value of BASIC. Using a PROGRAM profile with BASIC provides less security, but might be necessary for some programs where you cannot use TSOEXEC. Do not enable the failure mode of ENHANCED PGMSECURITY before you resolve this message, or accesses fail. |
Copyright IBM Corporation 1990, 2014
|