I just tried to use some ICSF service and got rc=4, rsn=05A, which means
some Access Control Point is disabled.
I checked documentation - it is "DD" - Disabled by Default.
It can be enabled by the user, however TKE is the only way to change ACP
enable/disable status.
From the other hand TKE is optional (paid) feature. Important:
enablement of the ACP is not subject to charge (AFAIK).
So, we have scenario where some users purchase CPC with CryptoExpress
cards plus z/OS with ICSF as a standard component, but some
functionalities are unavailable to them just because they are disabled.
Theoretically the user could borrow some TKE for a while and enable it. :-)
Q1: Why some ACPs are disabled by default? What is the rationale behind it?
Q2: What is the purpose of such (IMHO quite complex) method of
enablement some features? Wouldn't be enough to use Image Profile
checkboxes on HMC/SE and/or RACF profiles?
Just curious.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
