IBM Security Z Security

Security for Z

Join this online user group to communicate across Z Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

  • 1.  [Public] CKR0206 20 Duplicate profile

    Posted 23 hours ago

    We are in the process of updating csdata to flag syspriv on resources. After the RALT command for GLOBAL DATASET was run, I performed an unload (C2RL$UNL). We are getting: CKR0206 20 Duplicate GLOBAL profile DATASET. When we look at the DB entry we see just the one entry, yet zSecure is reporting a duplicate. What could be causing this, and how do we correct it?

    Thank you in advance.   




  • 2.  RE: [Public] CKR0206 20 Duplicate profile

    Posted 13 hours ago

    Donna,
    I have seen an issue similar to this before, but your circumstances may not be the same.

    The one I saw had a RACF database with multiple data sets. At some point in the past the data sets had been used with an incorrect range table (ICHRRNG) and profiles had been defined in the wrong data set. Once the correct range tables were used, those profiles could not be found and were then manually re-defined in the correct data set. RACF I/O routines ignore the duplicate profiles, as they use the active range table to select the RACF data set. However, zSecure will read each ENTIRE data set and then spot those duplicates. Getting rid of the duplicates is not simple. An IRRUT400 is possibly the simplest way to approach this, but may require an outage. BLKUPD is another possible method, but I would not suggest this to anyone unfamiliar with RACF internal structure.
    Maybe others have suggestions.
    Lennie Dymoke-Bradshaw



    ------------------------------
    Lennie Dymoke-Bradshaw
    ------------------------------



  • 3.  RE: [Public] CKR0206 20 Duplicate profile

    Posted 12 hours ago

    If this is the reason, that can presumably be validated by looking at each data set with SUPPRESS ICHRRNG in the run (so that the profiles in the wrong data set according to the RACF range table do not get suppressed from the reporting) and looking for profiles for which the TYPE=RACF field INRANGE is not true.



    ------------------------------
    Jeroen Tiggelman
    IBM - Software Development Manager IBM Security zSecure
    Delft
    ------------------------------
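
The scenario from replies 2 and 3, as an added example that is not part of the thread and is not RACF or zSecure code: a simplified Python model of how a range table routes a key to one data set, why a stale copy in another data set shows up only when every data set is read in full, and how an in-range flag separates the live profile from the stale one. Assumptions: the range-table layout, the lookup rule, the profile keys and all function names here are constructed for illustration.

```python
import bisect
from collections import defaultdict

def ebcdic(key):
    """44-byte, blank-padded EBCDIC (cp037) form of a key, used only for ordering."""
    return key.ljust(44).encode("cp037")

class RangeTable:
    """Model (assumption): entries of (start_key, data_set_number); a key belongs
    to the last range whose start key is <= the key in EBCDIC order."""
    def __init__(self, ranges):
        # "" stands for the lowest possible start key (all X'00').
        self.entries = sorted((ebcdic(k) if k else bytes(44), ds) for k, ds in ranges)
        self.starts = [start for start, _ in self.entries]

    def data_set_for(self, key):
        idx = bisect.bisect_right(self.starts, ebcdic(key)) - 1
        return self.entries[idx][1]

def scan(data_sets, table):
    """Read every data set in full and flag whether each profile is in range."""
    return [{"key": key, "data_set": ds_no,
             "inrange": table.data_set_for(key) == ds_no}
            for ds_no, keys in data_sets.items() for key in keys]

def duplicates(rows):
    """Keys that occur in more than one place across the whole database."""
    seen = defaultdict(list)
    for row in rows:
        seen[row["key"]].append(row["data_set"])
    return {key: ds for key, ds in seen.items() if len(ds) > 1}

def out_of_range(rows):
    """Profiles the active range table would never route to (the stale copies)."""
    return [(r["key"], r["data_set"]) for r in rows if not r["inrange"]]

# Constructed sample: the active table splits the database at key "N".
ACTIVE = RangeTable([("", 1), ("N", 2)])
DATA_SETS = {
    1: ["GLOBAL DATASET", "HR.PAYROLL"],      # live copy, where lookups go
    2: ["GLOBAL DATASET", "SYS1.PARMLIB"],    # stale copy left by an old range table
}

if __name__ == "__main__":
    rows = scan(DATA_SETS, ACTIVE)
    print("duplicates:", duplicates(rows))
    print("out of range:", out_of_range(rows))
```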