Well, I don't have access to any system, and therefore, I was only looking at online documentation. I thought you were doing the same, reason for my surprise :-).
Original Message:
Sent: Wed April 16, 2025 11:25 AM
From: Robert Berendt
Subject: BRMS - Functional Usage information
Um, if you noticed a discrepancy between the documentation and your actual recovery reports, did you click on the feedback button on that page to tell them it needs updating?
We do a STRRCYBRM OPTION(*SYSTEM) ACTION(*REPORT) directly to PDF on a daily basis. Then we distribute that report to two different PC based servers located in different countries. I just tend to look at those instead of the documentation.
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Wed April 16, 2025 10:38 AM
From: Marc Rauzier
Subject: BRMS - Functional Usage information
Gnnnn?
Some magic trouble here?
I have been looking at all V7 documentation pages from https://www.ibm.com/docs/en/i/7.1.0?topic=system-using-recovering-your-entire-report to https://www.ibm.com/docs/en/i/7.6.0?topic=ssw_ibm_i_76/rzai8/rzai8_rcysys_steps.html (wow, IBM has again decided to no longer follow the good practices they have prior to provide documentatio, i.e. just change the version to get the same information) and I have
STEP 012 : Recover required system libraries
STEP 013 : Reset BRMS device and media library information
------------------------------
Marc Rauzier
Original Message:
Sent: Wed April 16, 2025 10:07 AM
From: Robert Berendt
Subject: BRMS - Functional Usage information
All good points. My only question is a question of why your step 13 is different than my step 13
__ STEP 013 : Recover Required System Libraries
Start date/time __________________ Stop date/time __________________ Duration _________________
You must restore specific system libraries before you can use BRMS to
perform other recovery steps.
If the "Select Recovery Items" display is not shown and you are
performing a complete system restore, run the following command.
STRRCYBRM OPTION(*RESUME)
Otherwise, run the following command.
STRRCYBRM OPTION(*SYSTEM) ACTION(*RESTORE)
Type the command choice and press "Enter".
Select the saved item(s) listed below from the "Select Recovery Items"
display and press "Enter" to recover these saved items. Recovery of
these saved items will require the volumes listed on the report or
duplicate volumes.
--- Objects ---
Saved Save ----- ASP ------ Save Save Not Sequence Control Volume
Item Type Name Number Date Time Saved Saved Number Group Identifier Encrypted
---------- ------- ---------- ----- -------- -------- -------- ------ --------- ---------- ---------------------------- ---------
__ QSYS2 *FULL *SYSBAS 00001 3/08/25 8:37:28 613 0 145 DTFULL I70604
__ QGPL *FULL *SYSBAS 00001 3/08/25 8:37:15 1406 0 262 DTFULL I70606
__ QGPL *FULL *SYSBAS 00001 4/01/25 19:30:04 219 0 2 JRNRCV I70607
__ QUSRSYS *FULL *SYSBAS 00001 3/08/25 8:37:43 2439 0 150 DTFULL I70604
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Wed April 16, 2025 10:01 AM
From: Marc Rauzier
Subject: BRMS - Functional Usage information
Yes, this document provides important information. But, IMHO it is not reated to step 13, which does only tape device configuration within BRMS.
To me the important topic is below:
---- Quote ------------------------------------
Note: The default usage information for a function is stored in internal objects that are saved during a SAVSECDTA and restored during a RSTUSRPRF USRPRF(*ALL). If the internal object already exists on the system, the default authority will be what was originally on the object (the authority from the saved object will not be restored). The *ALLOBJ special authority indicator will be changed to what was on the saved object.
---- Quote ------------------------------------
Therefore, my interpretation is the following:
- BRMS step 6, INZBRM OPTION(*SETAUT) registers the exit points and functions whith DENIED default value, because they do not yet exist on the system
- BRMS step 9 RSTUSRPRF *ALL or step 26, RSTAUT, restores authorities to function usages, except for those already existing as stated above in the note, including BRMS function usage authoity
The question is: does QUSRSYS/QUSEXRGOBJ *EXITRG object restore (which is done in step 12) restore function usage authority as well? I am not sure of that, because:
---- Quote ------------------------------------
The function registration information can be restored by restoring the QUSEXRGOBJ *EXITRG object into QUSRSYS. This restores all of the registered functions and may require functional usage information to use the product Exit Points.
---- Quote ------------------------------------
Again, those are my 2c.
------------------------------
Marc Rauzier
Original Message:
Sent: Wed April 16, 2025 09:08 AM
From: Robert Berendt
Subject: BRMS - Functional Usage information
https://www.ibm.com/support/pages/how-registration-information-and-functional-usage-information-are-saved-and-restored
Isn't that part of step 13?
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Wed April 16, 2025 09:06 AM
From: Robert Berendt
Subject: BRMS - Functional Usage information
Actually if you read the OP's replies he said he tried to do the restore as QLPAR and not QSECOFR. I understand the recovery reports may not clearly say this but I think it is generally best practices to do a full system restore under QSECOFR and not QLPAR. This may be why STEP 6 didn't work right for him as he was not logged in as QSECOFR.
Now, is the restore of function usages part of the processes after step 6? Step 6 is prior to the restore of user profiles, configuration data, etc. Did the OP try to fix all users at the time of step 6, or just QLPAR? If he did just QLPAR, were the function usages of the rest of the user profiles later successfully restored?
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Wed April 16, 2025 08:50 AM
From: Marc Rauzier
Subject: BRMS - Functional Usage information
Jos said he has followed the recovery report and specifically ran the step 6. But he also writes that authority is set back to DENIED, despite what was the status at save time. So this is not an exact restore operation IMHO. And he also writes that you have to use either SETUSRBRM, WRKFCNUSG command or GUI operations to update them as they were at save time. This action does not seem to be included in the Recovery report.
But, how and where do you find those authorities if the source system is no longer available?
------------------------------
Marc Rauzier
Original Message:
Sent: Wed April 16, 2025 08:08 AM
From: Robert Berendt
Subject: BRMS - Functional Usage information
BRMS Recovery reports
****************************************************************************************************
__ STEP 006 : Initialize BRMS Functional Authority Information
Start date/time __________________ Stop date/time __________________ Duration _________________
You must perform this step to initialize BRMS functional authorities.
Register all BRMS resources which use functional authority.
To do so, type the following command and press "Enter".
INZBRM OPTION(*SETAUT)
Assign the QSECOFR user profile administrative functional authority
to the BRMS resources.
To do so, type the following command and press "Enter".
SETUSRBRM USER(QSECOFR) USAGE(*ADMIN)
****************************************************************************************************
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Wed April 16, 2025 07:40 AM
From: Marc Rauzier
Subject: BRMS - Functional Usage information
Hello Jos
If I understand fine, there is nothing in the BRMS recovery report about this particular topic regarding BRMS functional usage information.
If this is the case, IMHO this is a huge design issue. They should save this information when saving QUSRBRM, then provide a way to restore it at the end of the recovery point. Don't forget that the R in BRMS stands for Recovery and the S Services!
Maybe time for submitting an idea.
My 2c.
------------------------------
Marc Rauzier
Original Message:
Sent: Wed April 16, 2025 05:58 AM
From: Jozef Thijs
Subject: BRMS - Functional Usage information
It took some time to verify the whole restore operation with IBM Support...
The restore operation was fine, but you have to consider that the functional usage information (from OS 7.5 onwards) gets rebuilt - during a restore operation - and will change the default authority setting from ALLOWED to DENIED.
Upgrading to OS7.5 or moving on from 5770-BR1 to BR2, the default authority settings will be changed to 'DENIED'.
https://fortradocs.atlassian.net/wiki/spaces/IWT/pages/2291466241/7.5+BRMS+Functional+Usage
After an OS upgrade (for instance from OS 7.4 to 7.5), maybe it will not be noticed immediately, as the default authority for the BRMS functions is not changed for the existing function entries (ALLOWED default auth is kept). Only in case you create a new controlgroup or media policy, ... you may face an BRMS security issue as this new control/media policy/ ... will be registered - functional usage - with a 'DENIED' default authority setting.
Now - in case of a 'full system' restore operation (with OS 7.5 BR1/BR2) , and using the BRMS recovery reports ...
You will restore QBRM / QUSRBRM ... and execute some INZBRM *SETAUT, INZBRM *DEVICE ... In fact, although the restore operation of your BRMS env, all BRMS functions will be registered again (for all controlgroups/policies/ ...), and as result the default authority for all BRMS functions will be changed to DENIED. Specific user settings are kept (as restored), but the default authority setting is changed to DENIED for every function definition.
Please remind this in case of a system restore operation... use the SETUSRBRM command, or redefine the BRMS functional usage settings (via NAV or WRKFCNUSG).
------------------------------
Jos (Jozef) Thijs
Kyndryl Belgium
Original Message:
Sent: Wed March 12, 2025 11:01 AM
From: Robert Berendt
Subject: BRMS - Functional Usage information
I'm hoping you opened a case with this. This way IBM (or their assignees) can fix this for the next of us who rely upon the BRMS recovery reports.
------------------------------
Robert Berendt IBMChampion
Business Systems Analyst, Lead
Dekko
Fort Wayne
Original Message:
Sent: Mon March 03, 2025 05:03 AM
From: Jozef Thijs
Subject: BRMS - Functional Usage information
All,
I just performed a full system recovery with BRMS, and afterwards it looks like I'm missing all BRMS functional usage information. All users have no access anymore to BRMS controlgroups. Every BRMS activity is failing due access denied ...
Currently, I solve this issue by performing a SETUSRBRM for the user with *ADMIN rights, but I was wondering what went wrong in the restore process ?
- At the beginning of the recovery - after restoring the BRMS libraries - the INZBRM *SETAUT was done & QSECOFR was defined with ADMIN rights. And afterwards, SAVSECDTA was fully restored, and RSTAUT and RSTAUTBRM was executed at the end. Should this Functional info not be restored?
- I have the impression that with the INZBRM *SETAUT (everything is reset ... and by default DENIED).
How can I solve this issue ...
Can I verify on the old system (only via console available) these functional usage settings ?
Thanks,
Jos
------------------------------
Jos (Jozef) Thijs
Kyndryl Belgium
------------------------------