WAS V7 and ACF2 9.2 Trouble Accessing Admin. Con. from App. Server
We've had some lingering issues getting into the admin. console from the application server we can't seem to get by. Can anyone kindly assist with helping us understand where we may be going astray? We strongly believe that this is ACF2 related...unfortunately it's on version 9.2 (unsupported) +BBOO0222I: SECJ0129E: Authorization failed for user A2ADMIN:IBMIPA.krms.com while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody Thank You... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: WAS V7 and ACF2 9.2 Trouble Accessing Admin. Con. from App. Server
These are not ACF2 error messages. There are no such roles as monitor nobody configurator or administrator in ACF2. ACF2 could still be the root cause. You can get negative assurance by running the ACF2 RV, Resource Violation, Report against the SMF data and if you do not find any ACF2 violations for the WAS resources or LIDS, then it is not ACF2, but WAS itself. Be sure you check the correct time period. As a short cut, you should also be able to see any ACF2 errors in the z/OS Console System Log. But such error messages, if there, will not be sufficient for PD and you will need the RV Report for the details, ie specific ACF2/WAS resource, rule, rule set, lid, and access denied. You may need an ACF2 SAF rule defined for WAS. On Wed, Mar 17, 2010 at 10:32 AM, Patrick Falcone patrick.falco...@verizon.net wrote: We've had some lingering issues getting into the admin. console from the application server we can't seem to get by. Can anyone kindly assist with helping us understand where we may be going astray? We strongly believe that this is ACF2 related...unfortunately it's on version 9.2 (unsupported) +BBOO0222I: SECJ0129E: Authorization failed for user A2ADMIN:IBMIPA.krms.com http://ibmipa.krms.com/ while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody Thank You... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- George Henke (C) 845 401 5614 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: WAS V7 and ACF2 9.2 Trouble Accessing Admin. Con. from App. Server
The level of ACF2 you have, while not supported, is not old enough to be an issue. Also consider some workarounds: 1) Make the WAS LID Non-Cancellable, give it the NON-CNCL privlege. It will not prevent access to anything and will log everything so you can see what is preventing your access. Enter: ACF cha whateverid non-cncl (syntax: could also be ncncl or noncncl, not sure) 2) Change the ACF2 prefix, not to be confused with the TSO prefix, to asterisk (*). Enter: ACF cha wateverid prefix(*) When you wildcard the ACF2 prefix, make it *, you effectively noop, turn off all resource security for that id. It would drive the auditors up the wall if they knew, but they will never know. Auditors only like things they can stub their toe on. Don't tell your a On Wed, Mar 17, 2010 at 11:08 AM, George Henke gahe...@gmail.com wrote: These are not ACF2 error messages. There are no such roles as monitor nobody configurator or administrator in ACF2. ACF2 could still be the root cause. You can get negative assurance by running the ACF2 RV, Resource Violation, Report against the SMF data and if you do not find any ACF2 violations for the WAS resources or LIDS, then it is not ACF2, but WAS itself. Be sure you check the correct time period. As a short cut, you should also be able to see any ACF2 errors in the z/OS Console System Log. But such error messages, if there, will not be sufficient for PD and you will need the RV Report for the details, ie specific ACF2/WAS resource, rule, rule set, lid, and access denied. You may need an ACF2 SAF rule defined for WAS. On Wed, Mar 17, 2010 at 10:32 AM, Patrick Falcone patrick.falco...@verizon.net wrote: We've had some lingering issues getting into the admin. console from the application server we can't seem to get by. Can anyone kindly assist with helping us understand where we may be going astray? We strongly believe that this is ACF2 related...unfortunately it's on version 9.2 (unsupported) +BBOO0222I: SECJ0129E: Authorization failed for user A2ADMIN:IBMIPA.krms.com http://ibmipa.krms.com/ while invoking GET on admin_host:/ibm/console/, Authorization failed, Not granted any of the required roles: administrator operator configurator monitor nobody Thank You... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- George Henke (C) 845 401 5614 -- George Henke (C) 845 401 5614 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
