The level of ACF2 you have, while not supported, is not old enough to be an
issue.
Also consider some workarounds:
1) Make the WAS LID Non-Cancellable, give it the NON-CNCL privlege. It will
not prevent access to anything and will log everything so you can see what
is preventing your access.
Enter: ACF
cha whateverid non-cncl (syntax: could also be ncncl or noncncl,
not sure)
2) Change the ACF2 prefix, not to be confused with the TSO prefix, to
asterisk (*).
Enter: ACF
cha wateverid prefix(*)
When you wildcard the ACF2 prefix, make it "*", you effectively noop, turn
off all resource security for that id. It would drive the auditors up the
wall if they knew, but they will never know.
Auditors only like things they can stub their toe on.
Don't tell your a
On Wed, Mar 17, 2010 at 11:08 AM, George Henke <gahe...@gmail.com> wrote:
> These are not ACF2 error messages. There are no such roles as monitor
> nobody configurator or administrator in ACF2.
>
> ACF2 could still be the root cause.
>
> You can get "negative assurance" by running the ACF2 RV, Resource
> Violation, Report against the SMF data and if you do not find any ACF2
> violations for the WAS resources or LIDS, then it is not ACF2, but WAS
> itself.
>
> Be sure you check the correct time period.
>
> As a short cut, you should also be able to see any ACF2 errors in the z/OS
> Console System Log. But such error messages, if there, will not be
> sufficient for PD and you will need the RV Report for the details, ie
> specific ACF2/WAS resource, rule, rule set, lid, and access denied.
>
> You may need an ACF2 SAF rule defined for WAS.
>
> On Wed, Mar 17, 2010 at 10:32 AM, Patrick Falcone <
> patrick.falco...@verizon.net> wrote:
>
>> We've had some lingering issues getting into the admin. console from the
>> application server we can't seem to get by. Can anyone kindly assist with
>> helping us understand where we may be going astray? We strongly believe that
>> this is ACF2 related...unfortunately it's on version 9.2 (unsupported)
>>
>> +BBOO0222I: SECJ0129E: Authorization failed for user
>> A2ADMIN:IBMIPA.krms.com <http://ibmipa.krms.com/> while invoking GET
>> on
>> admin_host:/ibm/console/, Authorization failed, Not granted any of the
>> required roles: administrator operator configurator monitor nobody
>>
>> Thank You...
>>
>>
>>
>> ----------------------------------------------------------------------
>> For IBM-MAIN subscribe / signoff / archive access instructions,
>> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
>> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>>
>
>
>
> --
> George Henke
> (C) 845 401 5614
>
--
George Henke
(C) 845 401 5614
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
