zowe / zss

Zowe System Services Server for enabling low-level microservices
Eclipse Public License 2.0

ZSS is unable to attach to ZIS, even when the Zowe STC user ID has permission to use `ZWES.IS`. #625

Closed Joe-Winchester closed 1 year ago

Joe-Winchester commented 1 year ago

Describe the bug

Security Manager ACF2. Zowe 2.9. ZSS fails to attach to ZIS with error 33.

ZWES1014I ZIS status - 'Failure' (name='ZWESIS_STD      ', cmsRC='33', description='Permission denied', clientVersion='2')

We have verified that the user ID BSZWESV used to run the ZWESLSTC started task has permission by running the following ACF command:

[screenshot]

Proposed solution

@ifakhrutdinov, is there a way we can increase the logging of the ZIS server to collect more diagnostics? We are also wondering if there is a problem with the setup of the ACF2 facility class.

@MarkAckert, I think we have an ACF2 LPAR on Marist. Do you know if this is using the same setup as the screenshot above (where the group is called bpx)? Maybe that's the issue. We thought that if we could see the setup Marist is using, that would help us do a like-for-like comparison.

MarkAckert commented 1 year ago

@Joe-Winchester we don't have the exact same setup, so I don't think we can make an apples-to-apples comparison with the Marist environment, but if we can narrow down the error on the ZIS side with an audit report, I can see what's in place on our side.

ifakhrutdinov commented 1 year ago

Hello, why is it called BPX.ZWES.IS? The ZWES.IS profile must be in the FACILITY class (not sure what the ACF2 counterpart for class is).

Joe-Winchester commented 1 year ago

Thank you @ifakhrutdinov for picking up that the screenshot showed the BPX.ZWES.IS error. The customer reported that your suggested change of the facility class to be ZWES.IS worked for them, so closing the issue.
Cheers!