Focal Point
[CASE-OPENED] Focus Mainframe

This topic can be found at:
https://forums.informationbuilders.com/eve/forums/a/tpc/f/7971057331/m/2257001276

August 08, 2014, 02:16 PM
Allan Huffman
[CASE-OPENED] Focus Mainframe
We are getting a security error for an ACF2 resource BPX.CAHFS.SET.RLIMIT. RACF users - did you know FOCUS mainframe is using SET Resource Limit? ACF2 users - what did you do to circumvent this error?

This message has been edited. Last edited by: <Kathryn Henning>,


WebFOCUS 7.6
z/OS Focus
August 12, 2014, 05:54 PM
<Kathryn Henning>
Hi Allan,

Welcome to Focal Point!

As of FOCUS for Mainframe release 7.7.03, we use BPX.CAHFS.SET.RLIMIT to obtain storage that wasn't requested in prior versions of FOCUS. This change was made due to a change that IBM made. This is discussed further in Note 5 in the first section of the following document (you'll need to log in to InfoResponse Online to view it):

FOCUS for Mainframe, z/OS, z/VM and VM Compatibility Information

Allan has a case open for this issue, and there is a Project opened in programming for this. Per the document above, there are instructions in the IBM APAR for implementing rules.

As per Allan's post, if anyone has a way to circumvent this, please let us know.

Thanks and regards,

Kathryn
August 13, 2014, 08:25 AM
Allan Huffman
Kathryn,

Thank you for your time in posting a response; however I do not think IBI understands the issue we are experiencing.

IBI keeps refering to Note 5: BPX.DEFAULT.USER Advisory: and IBM PTF UA69991 for z/OS 1.13. This issue is for userid processing and PNC does not currently have this IBM PTF applied to any of our our systems so this topic is not related to the issue we are experiencing.

The area of concern is with a SET RESOURCE LIMIT and not userid processing. We are getting this error only because we have ACF2 as our security product as it has placed control on the SET RESOURCE LIMIT code path - this is unique to ACF2 - RACF users would not even see this issue as to the my understanding RACF does not protect the use of the SET RESOURCE LIMIT command.

Our experience is that when the SET RESOURCE LIMIT issued by FOCUS is denied FOCUS continues to run just fine. So it begs the question why is it necessary (looks like it is not) and why IBI will not provide an option to skip the SET RECOURCE LIMIT request.

Being a financial based center our security must be set appropriately so as to protect the assets and trust of our customers. Our implementation of FOCUS 7.7.03 has been delayed due to this security issue because at this time we do not have a version that will work in our production environment.

We are working with IBI (FOCUS) and will be working with CA (ACF2) to determine what solutions our vendors can provide. To IBI's response "there is a project open in programming for this" I was told IBI would not be making any changes. If IBI is changing their position, please let me know what the scope of the project is and when it might be available for testing.

Regards,
Allan Huffman


WebFOCUS 7.6
z/OS Focus