IBM Security Z Security

  • 1.  Access Monitor RC = 4

    Posted Tue March 12, 2024 11:51 AM

    Hello.

    I am trying to determine the fix for this. This DISCRETE profile AESLBF exists, and the user has UPDATE access to it via their RACF Role group. Why is it saying MISSING? I understand the MISSING profile for SYST.**, as SYST.AR1D.AESALL isn't defined.

    1A C C E S S   T R A C E   R E C O R D   L I S T I N G   12 Mar 2024 11:35                                                  page    1
     Access monitor records for Userids like DXP5048, Classes like ARCTL, No profile found, Not authorized, last use>=11MAR2024

     Userid   Name                 Jobname  Intent    Type   RetAll AccRC Class    Complex  Syst              Occurrence Last occurrence
     DXP5048  PREBLE  DARRIN                                                                                           4 11Mar2024 19:15
                                            READ      Auth              4                                              2 11Mar2024 19:15
                                                                          ARCTL    PLEX1    SYST                       2 11Mar2024 19:15

              ARCTL    AESLBF                                                                                          1 11Mar2024 19:14
                       ARCTL    missing
                       POE class=         POE=
                       Intent=READ        Allowed=        Result=4
              Current  ARCTL    DISCRETE  AESLBF
                       Result=0


              ARCTL    SYST.AR1D.AESALL                                                                                1 11Mar2024 19:15
                       ARCTL    missing
                       POE class=         POE=
                       Intent=READ        Allowed=        Result=4
              Current  ARCTL    missing   SYST.**
                       Result=4

                                            UPDATE    Auth              4                                              2 11Mar2024 19:15
                                                                          ARCTL    PLEX1    SYST                       2 11Mar2024 19:15

              ARCTL    AESLBF                                                                                          1 11Mar2024 19:14
                       ARCTL    missing
                       POE class=         POE=
                       Intent=UPDATE      Allowed=        Result=4
              Current  ARCTL    DISCRETE  AESLBF
                       Result=0


              ARCTL    SYST.AR1D.AESALL                                                                                1 11Mar2024 19:15
                       ARCTL    missing
                       POE class=         POE=
                       Intent=UPDATE      Allowed=        Result=4
              Current  ARCTL    missing   SYST.**
                       Result=4



    ------------------------------
    Floyd Womble
    Senior Identity and Access Management Engineer | Enterprise Information Protection (EIP) | Access Management - Mainframe

    Humana
    T 951.813.1822
    fwomble@humana.com
    ------------------------------


  • 2.  RE: Access Monitor RC = 4

    Posted Wed March 13, 2024 04:41 AM

    Hi Floyd,

    If you watch closely, you see that the current RC for AESLBF shows a result of 0. Remember that ACCESS records represent a recording of historic access event decisions that occurred on your system some time in the past. The result=4 for ARCTL AESLBF indicates that at the actual time of the event, no matching profile was found for this resource and hence an RC=4 was decided by RACF for the access check. However, when you look at the next lines it shows: "Current ARCTL    DISCRETE AESLBF" and "Result=0". According to me, these lines report that if this same access event would happen today, against the RACF database (or copy or unload) that you have currently allocated to your zSecure session, this READ/UPDATE access would be successful as discrete profile AESLBF is found that allows the requested READ/UPDATE access, hence RC=0 which means that the access would be allowed.

    I hope that clarifies what the report is showing you.



    ------------------------------
    Tom Zeehandelaar
    z/OS Security Enablement Specialist - zSecure developer
    IBM
    ------------------------------
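
    The reading described in the reply above, as an added example that is not code from the thread or from zSecure: a small Python parser over an excerpt of the listing in the first post that pairs the RC recorded at event time with the `Current` RC for each resource. The regexes assume the line layout visible in that listing, and the function names are hypothetical.

```python
import re

# Excerpt of the Access Monitor listing from the first post (column padding condensed).
LISTING = """\
 ARCTL    AESLBF                    1 11Mar2024 19:14
          ARCTL    missing
          Intent=READ        Allowed=        Result=4
 Current  ARCTL    DISCRETE  AESLBF
          Result=0
 ARCTL    SYST.AR1D.AESALL          1 11Mar2024 19:15
          ARCTL    missing
          Intent=READ        Allowed=        Result=4
 Current  ARCTL    missing   SYST.**
          Result=4
"""

# Assumed layout: "<class> <resource> <occurrences> <ddMonyyyy> <hh:mm>" opens a block.
HEADER = re.compile(r"^\s*(\S+)\s+(\S+)\s+\d+\s+(\d{2}[A-Za-z]{3}\d{4}\s+\d{2}:\d{2})\s*$")
INTENT = re.compile(r"Intent=(\S+).*\bResult=(\d+)")      # decision recorded at event time
CURRENT = re.compile(r"^\s*Current\s+\S+\s+(\S+)\s+(\S+)")  # profile found in today's database
RESULT = re.compile(r"^\s*Result=(\d+)\s*$")              # RC if the check were repeated now

def parse_events(text):
    """Return one dict per resource block: recorded (historic) vs. current outcome."""
    events, ev = [], None
    for line in text.splitlines():
        if m := HEADER.match(line):
            ev = {"class": m[1], "resource": m[2], "last_seen": m[3]}
            events.append(ev)
        elif ev is None:
            continue  # report banner or summary lines before the first block
        elif m := INTENT.search(line):
            ev["intent"], ev["recorded_rc"] = m[1], int(m[2])
        elif m := CURRENT.match(line):
            ev["current_type"], ev["current_profile"] = m[1], m[2]
        elif m := RESULT.match(line):
            ev["current_rc"] = int(m[1])
    return events

def classify(ev):
    """Compare the RC recorded at event time with the RC against the current database."""
    if ev["recorded_rc"] == ev["current_rc"]:
        return "unchanged"
    return "resolved since event" if ev["current_rc"] == 0 else "changed"

if __name__ == "__main__":
    for ev in parse_events(LISTING):
        print(ev["resource"], ev["intent"], ev["recorded_rc"], "->", ev["current_rc"], classify(ev))
```

    Blocks reported as "unchanged" with RC 4 are the ones still lacking a covering profile, such as SYST.AR1D.AESALL in the listing.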