 SPECIFY ACTION TSO - RACF in ZSECURE ALERT

Luis Tapia posted Tue February 03, 2026 03:45 AM
Hi Guys,
 
I would appreciate your help with the following question:
 
What requirements/authorizations must the account associated with STC C2POLICE have to execute TSO-RACF commands specified in an alert?
Thanks in advance.
Best Regards
Luis Tapia
Tom Zeehandelaar

Hi Luis, 

to be able to successfully run RACF commands, the account associated with the zSecure Alert started task (by default C2POLICE) requires the appropriate RACF administrative authorization to run the generated RACF command. Thus, depending on the RACF command that the concerning Alert generates, the Alert STC ID needs something along the lines of SPECIAL, group-SPECIAL, class authority, ownership, or perhaps access to involved IRR.** profiles in the FACILITY class.

Best regards, Tom Zeehandelaar

Luis Tapia
Hi Tom,
 
Thanks for your prompt reply.
 
I've granted CONTROL permission on the facility class IRR.PWRESET.OWNER.GROUP where GROUP is the owner group and default group of the user I want to run RESUME on.
 
I've also granted TSO segment access to the C2POLICE account.
 
When the alert is generated, I don't see any action in WTO.
 
Do I need to assign any other permissions or what other configuration do I need to make?
 
Thanks again in advance.
 
Best Regards
 
Luis Tapia
Tom Zeehandelaar

Hi Luis, 

from the information that you have shared so far, it is not possible for me to further comment on it. Since I cannot review how you have configured your alert that you expect to generate a TSO-RACF action command when it is successfully triggered, I cannot explain why you are not seeing anything in WTO as you state. 
From your latest response, it seems to me that the expected RACF command is not generated when the alert is triggered. So there might be something wrong or missing in the way that you have configured your Alert. Perhaps it would be better to contact our zSecure support team to assist you in further diagnosing why/what is going wrong that does not match your expectation.

Regards, Tom   

Luis Tapia
Hi Tom,
 
Okay. Thanks for your suggestion.
 
I'll open a case with the zSecure support team to provide more details about this issue.
 
Best Regards,
 
Luis Tapia
David Chu

Hi Luis,

This link might help you with what you want.

https://www.ibm.com/docs/en/zos/2.5.0?topic=phrases-delegating-authority-reset-password-any-user

Please check it out.

Best Regards

Luis Tapia

Hi David,
Thanks for your help. The account already has the permissions to run ALU RESUME; however, it's not running when a revoked user alert is generated in zSecure Alert.

Best Regards

Luis

Rob van Hoboken

Hi Luis

I am not sure if your question has been answered by IBM Support.  However, it seems your problem is not so much about authorization as it is about the right specification of the alert options in SE.A.A.  When you specify a new custom alert, you have to enable Action command from the allowable destination types.  Next, when you select the alert in a set, you must type a slash or an S in front of Specify action command.  In the next panel, put a / or S in front of TSO-RACF command as shown here.  Then enter a combination of literals and fields to build your command.

When you have fully configured your alert(s), use the V line command to verify the alert set.  Now check the CARLa member generated by verify in C2PCUST; the member name would be setnameV (alert set name followed by a V).  Find the NEWLIST command for the alert.  There must be a CMD parameter in the NEWLIST command, to reflect the Action command that you configured.  If there is no NEWLIST with the CMD option, you must try again to specify the alert in SE.A.A.  Read here about the CMD option.

Commands do not show up as WTOs by themselves.  For testing purposes, I would select BOTH the WTO as well as the Action command destinations.  That way you can see when the alert conditions matched an SMF record.