See the ICSF Administrator's Guide, Chapter 17, "Using the utility panels to manage keys in the CKDS". Here's the SAF resources needed to do things on the CKDS Key Utilities panel:
The following resources and profiles are SAF checked by the CKDS KEYS utility. You must have SAF authority to the resource to perform the function. The CSFKEYS class can be checked for the label when these functions are executed.
Listing labels (CSFSERV(CSFKDSL) and CSFSERV(CSFBRCK)) You must have READ authority to the profiles.
Displaying key attributes and record metadata (CSFSERV(CSFBRCK)) You must have READ authority to the profile.
Modifying metadata (CSFSERV(CSFBRCK)) You must have UPDATE authority to the profile and READ authority to the CSFKEYS profile for the label.
Deleting records (CSFSERV(CSFBRCK)) You must have CONTROL authority to the profile and READ authority to the CSFKEYS profile for the label.
Archiving/recalling records (CSFSERV(CSFBRCK)) You must have UPDATE authority to the profile and READ authority to the CSFKEYS profile for the label.
If you have ALTER authority to the CSFSERV(CSFBRCK) profile, the CSFKEYS SAF check is not performed.
Generating an AES DATA key requires you to have SAF authority to the specified label in the CSFKEYS class and to these resources in the CSFSERV class:
CSFKGN
Generates keys.
CSFKRC2
Creates the CKDS record.
CSFKRR2
Checks whether specified record exists.
CSFKRW2
Overwrites the existing key token in the existing record.
------------------------------
Bob Petti
------------------------------
Original Message:
Sent: Thu January 21, 2021 08:48 AM
From: Nordine Mosbah
Subject: ICSF - CKDS KEYS menu ( option 1 ; 2 ; 3) - NOT AUTHORIZED
Dear ,
After creating a DATA key I'm trying to display key from CKDS KEYS menu but I'm facing lack of authority appparently to access
to the following options :
And I' m getting this message:
I specify that I'm using the same protection services, keys that another system where I've not this problem .
Thanks in advance for the advise .
Regards,
------------------------------
Nordine
------------------------------