RegisterLog In to Jazz.net dW

Tip: Eliminate excessive RACF warnings under WebSphere Application Server on z/OS

Published/Updated: December 9, 2009
Author: Bruce Green
Build: Rational Team concert for System z 2.0.0.2

Summary

When you deploy the jazz.war Web application in Rational Team Concert for System z, multiple ICH408I error messages are logged to the system console for any security roles for which you are not authorized. This article explains why these warnings occur and how to suppress them.

More Information

The following security roles are defined for the jazz.war Web application on Rational Team Concert for System z:

  • JazzAdmins
  • JazzDWAdmins
  • JazzGuests
  • JazzUsers

When you use the WebSphere Application Server on z/OS, these security roles are mapped to RACF definitions for the EJBROLE class, and to profiles that correspond to each security role. However, when you access Rational Team Concert for System z in this configuration, Rational Team Concert for System z tests your access to these profiles, which results in multiple ICH408I messages that are logged to the system console for any roles for which you are not authorized. For example:

ICH408I USER(JOHNDOE  ) GROUP(SYS1    ) NAME(####################) 860
  JAZZ.JazzDWAdmins CL(EJBROLE )                                   
  INSUFFICIENT ACCESS AUTHORITY                                      
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )                    
ICH408I USER(JOHNDOE  ) GROUP(SYS1    ) NAME(####################) 861
  JAZZ.JazzGuests CL(EJBROLE )                                     
  INSUFFICIENT ACCESS AUTHORITY                                      
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )                    
ICH408I USER(JOHNDOE  ) GROUP(SYS1    ) NAME(####################) 862
  JAZZ.JazzUsers CL(EJBROLE )                                      
  INSUFFICIENT ACCESS AUTHORITY                                      
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   ) 

You can suppress these error messages. WebSphere Application Server V6.1 and V7.0 provide a setting called "Suppress RACF EJBROLE audit messages." You can find details on how to set this parameter in the WebSphere Application Server information center that is specific to the WebSphere Application Server version you are using.

Feedback
Was this information helpful? Yes No 0 people rated this as helpful.