SEFM* - ADASAF SAF Interface and SAF Security Kernel Messages

ADASAF displays an eight-byte code containing various return codes from SAF. This information is shown in a number of messages denoted ssssssss.

The ADASAF return code "ssssssss" has the following structure:

Position      Information Content
Byte 1        SAF return code
Byte 2        Function code. ADASAF internal function codes (hex) include:
                04        Authorize Adabas access
                44 or 6C  Authenticate user
Byte 3        Return code from security system, for example RACF
Byte 4        Reason code from security system, for example RACF
Bytes 5 - 8   SAF reason code

Refer to the IBM manual External Security Interface (RACROUTE) Macro Reference for z/OS for a thorough explanation of all possible return/reason codes. CA-Top Secret and CA-ACF2 can provide different return code values in some circumstances.

The following message groups are described:


Messages Displayed on the Operator Console and System Message Data Sets (SEFM001 - SEFM255)

The following messages are displayed on the operator console and system message datasets. The messages may be issued by the SAF Security Kernel component (in a daemon, an Adabas nucleus or an Entire Net-Work node) or by another product into which SAF Security is installed, such as Natural or Entire Broker.

Overview of Messages

BLS0334 | SEFM001 | SEFM002 | SEFM004 | SEFM006 | SEFM008 | SEFM009 | SEFM013 | SEFM014 | SEFM015 | SEFM016 | SEFM017 | SEFM020 | SEFM021 | SEFM025 | SEFM026 | SEFM028 | SEFM029 | SEFM030 | SEFM031 | SEFM041 | SEFM049 | SEFM050 | SEFM051 | SEFM060 | SEFM061 | SEFM062 | SEFM070 | SEFM071 | SEFM072 | SEFM073 | SEFM074 | SEFM075 | SEFM205 | SEFM210 | SEFM255

BLS0334 SYMBOL 'NETSAF' CANNOT BE FOUND. LOADING ABORTED
Explanation

This message should be ignored.


SEFM001 ssssssss : user : resource
Explanation

The security system determined that the user identified in the message (user) does not have authorization for the resource listed in the message (resource). System return and reason codes are given in the hexadecimal string ssssssss. This message is displayed when access has been denied to a particular resource.
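
The following added example, which is not Software AG code, splits the ssssssss code from SEFM001 denial messages into the fields of the structure table above and counts denials per user. It assumes the eight bytes are printed as 16 hexadecimal digits; the sample lines, user IDs and resource names are constructed.

```python
import re
from collections import Counter
from typing import Iterable, NamedTuple, Optional

# Byte 2 values listed on the page (hex); anything else is reported as unlisted.
FUNCTION_CODES = {0x04: "Authorize Adabas access",
                  0x44: "Authenticate user",
                  0x6C: "Authenticate user"}


class SafCode(NamedTuple):
    saf_rc: int      # byte 1: SAF return code
    function: int    # byte 2: ADASAF internal function code
    sec_rc: int      # byte 3: return code from the security system (e.g. RACF)
    sec_reason: int  # byte 4: reason code from the security system
    saf_reason: int  # bytes 5-8: SAF reason code

    def function_name(self) -> str:
        return FUNCTION_CODES.get(self.function, "unlisted function code")


class Denial(NamedTuple):
    user: str
    resource: str
    code: Optional[SafCode]  # None when the code field could not be decoded


def decode_saf_code(hex_code: str) -> SafCode:
    """Split the eight-byte code. Assumption: it is printed as 16 hex digits."""
    if not re.fullmatch(r"[0-9A-Fa-f]{16}", hex_code):
        raise ValueError(f"expected 16 hex digits, got {hex_code!r}")
    raw = bytes.fromhex(hex_code)
    return SafCode(raw[0], raw[1], raw[2], raw[3], int.from_bytes(raw[4:], "big"))


# Message layout from the page: SEFM001 ssssssss : user : resource
SEFM001 = re.compile(r"SEFM001\s+(\S+)\s*:\s*(\S+)\s*:\s*(\S.*?)\s*$")


def parse_denial(line: str) -> Optional[Denial]:
    """Return a Denial for an SEFM001 line, or None for any other line."""
    match = SEFM001.search(line)
    if match is None:
        return None
    code_text, user, resource = match.groups()
    try:
        code = decode_saf_code(code_text)
    except ValueError:
        code = None  # keep the denial even if the code is truncated or garbled
    return Denial(user, resource, code)


def denials_per_user(lines: Iterable[str]) -> Counter:
    """Count access denials per user across a batch of console lines."""
    return Counter(d.user for d in map(parse_denial, lines) if d is not None)


# Constructed sample console lines (users, resources and codes are made up).
SAMPLE = [
    "SEFM001 0804080000000000 : USERA : RES.ONE",
    "SEFM001 086C041000000004 : USERB : RES.TWO",
    "SEFM001 0804 : USERA : RES.THREE",
    "SEFM909 * SAF Security Kernel - shutdown initiated",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_denial(line))
    print(denials_per_user(SAMPLE))
```

A denial whose code cannot be decoded is still counted, so a truncated console line does not hide a failed access attempt.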


SEFM002 *XX to request FF : user : resource
Explanation

An unexpected response code (XX) was received from the SAF Security Kernel for the user identified in the message (user) when requesting function FF to be performed on the resource specified in the message (resource).


SEFM004 *Natural programs not extracted
Explanation

The SAF Security Kernel was not able to extract a list of protected program objects from the security system on behalf of Natural users.

Action

Obtain a trace of SAF call RACROUTE EXTRACT from the security system and contact your Software AG technical support representative. ACF2 and Top Secret users should ensure that the protected programs have been extracted from the security system and supplied to the SAF Security Kernel via the SEFEXT DD statement in the daemon started task JCL.


SEFM006 *ADARSP XX(xx) to request FF : user
Explanation

The SAF Security Kernel returned the Adabas response code (XX) and subcode (xx) shown in the message to request FF for the user shown in the message (user).

Action

Ensure that the SAF Kernel started task is active. Check its output for error messages. Take the necessary remedial action indicated by the Adabas response code.


SEFM008 *SAF Gateway (Vv.r) started
* SAF Security Kernel (Vx.x.x - BUILD xxxx) started
Explanation

Entire Net-Work SAF Security Interface (ADASAF) startup completed or the SAF Security Kernel initialized successfully.

Action

No action is required for this informational message.


SEFM009 Module module-name not loaded
Explanation

Entire Net-Work SAF Security Interface could not load the module listed in the message (module-name).

Action

Ensure that the module is in the STEPLIB and that the region size is sufficient.


SEFM013 *Less {memory | storage} acquired than specified
Explanation

The SAF Security Kernel or the Entire Net-Work SAF Security Interface (ADASAF) was not able to allocate all the memory or storage required to satisfy the buffer size specified in its parameters. Operation continues.

Action

Ensure that the region size is sufficient and the parameters are appropriate.


SEFM014 *No {memory | storage} could be acquired
Explanation

Entire Net-Work SAF Security Kernel or the SAF Security Interface (ADASAF) could obtain no storage or memory at system startup. Operation has terminated.

Action

Ensure that the region size is sufficient and system parameters are appropriate.


SEFM015 *Logic error - XXXX for request FF : user
Explanation

The SAF Security Kernel suffered an internal error. A general restart is performed and the operation continues.

Action

Keep all information written to DDPRINT and contact your Software AG technical support representative.


SEFM016 *SAF logoff failed ssssssss ACEE AAAA : user
Explanation

The SAF Security Kernel was unable to log off the user (user) from the security system. The SAF error code is ssssssss.

Action

Contact your Software AG technical support representative.


SEFM017 *Insufficient space to initialize - make Natural buffer XX
Explanation

The Natural SAF interface requires a larger value to be specified for NSFSIZE.

Action

Increase the Natural NSFSIZE parameter.


SEFM020 *GETMAIN failed / IDSIZE error
Explanation

The Natural SAF interface could not acquire storage from the designated IDMSBUF.

Action

Increase Natural region and/or thread size.


SEFM021 *Illegal storage use / relocation problem
Explanation

Internal problem in Natural SAF storage use.

Action

Contact your Software AG technical support representative.


SEFM025 *Natural IDMSBUF parameter is not defined
Explanation

The Natural NSFSIZE parameter has not been specified.

Action

Ensure NSFSIZE is set correctly in the Natural parameters.


SEFM026 *Natural protected programs not extracted code: XX
Explanation

The list of protected programs could not be returned from the SAF Security Kernel to Natural.

Action

Ensure the same copy of the configuration module SAFCFG is used by all system components. Check that the GWSTYP parameter defined in SAFI010 and the STY parameter in SAFI020 are both correctly set for the installed security system and that all installation requirements have been met.


SEFM028 *System files not found in environment table
Explanation

The current Natural system files were not matched in the table defining all possible system file sets.

Action

Ensure that the environment definitions in Natural Security are correct.


SEFM029 *Error in communications layer - check installation procedure
Explanation

Possible reasons for error: Adabas link module installed into this component is not reentrant.


SEFM030 *SQL table / view could not be identified for file (XX,YY)
Explanation

Interface could not identify table name for DBID/FNR of an SQL request.

Action

Ensure interface is correctly installed, then contact your Software AG technical support representative.


SEFM031 *DBID / FNR identified with SQL request not recognized XXXX
Explanation

Interface component could not determine the DBID/FNR associated with this SQL request.

Action

Contact your Software AG technical support representative.


SEFM041 *Interface installed for Net-work
Explanation

The interface is installed for operation with Entire Net-Work.

Action

No action is required for this informational message.


SEFM049 *User type T not permitted by installed options
Explanation

The SAF Kernel will not permit user type T to operate using the currently installed options.


SEFM050 *Error writing SMF record : XX
Explanation

The stated error occurred when an SMF record was being written.


SEFM051 *SAFPRINT dataset not defined, DDPRINT will be used
Explanation

SAFPRINT=Y is set in SAFCFG, but no SAFPRINT dataset is defined.


SEFM060 * RACLIST REQUESTED FOR CLASS cccccccc
Explanation

The specified security class cccccccc has been configured to use FASTAUTH in SAFCFG. This message indicates the start of the RACLISTing process for this class.

Action

No action is required for this informational message.


SEFM061 * RACLIST SUCCESSFUL FOR CLASS cccccccc
Explanation

This message indicates RACLISTing has been successful for class cccccccc.

Action

No action is required for this informational message.


SEFM062 * RACLIST FAILED FOR CLASS cccccccc ERROR ssssssss
Explanation

This message indicates RACLISTing has failed for class cccccccc. The FASTAUTH option for this class cannot be honoured; authorization checks will be performed using RACROUTE REQUEST=AUTH (the default).

Action

Refer to Adabas SAF Security > Adabas SAF Security Messages and Codes > SAF Return Codes for information on how to interpret the error code ssssssss.


SEFM070 * LISTENER ACTIVE FOR SIGNAL ENF-xx
Explanation

This message indicates the signal listener has been successfully activated and is listening for ENF signal type xx.

Action

No action is required for this informational message.


SEFM071 * UNABLE TO ACTIVATE LISTENER FOR SIGNAL ENF-xx ERROR eeeeeeee
Explanation

This message indicates the signal listener could not be activated for ENF signal type xx. The error code is eeeeeeee.

Action

Contact your Software AG technical support representative.


SEFM072 * LISTENER TERMINATED FOR SIGNAL ENF-xx
Explanation

This message indicates the signal listener has been successfully de-activated and is no longer listening for ENF signal type xx.

Action

No action is required for this informational message.


SEFM073 * SIGNAL LISTENERS REQUESTED BUT INCOMPATIBLE RUNTIME
Explanation

This message indicates that signal listeners have been requested by configuration but there is an incompatibility between the Adabas SAF Security and the Adabas Limited Library (WAL) runtimes. The job continues to run, but without any active ENF Signal listeners.

Action

Ensure Adabas SAF Security is at least version 8.4 SP1, and the Adabas Limited Library (WAL) is at least version 8.5 SP4 Patch level 1.


SEFM074 * UNABLE TO ALLOCATE REQUIRED MEMORY FOR SIGNAL LISTENERS
Explanation

This message indicates a memory shortage when attempting to establish the signal listeners. The job continues to run, but without any active ENF Signal listeners.

Action

Review the REGION size for the job. Review the SIGNQSZ parameter.


SEFM075 * UNABLE TO TERMINATE SIGNAL LISTENERS. PLEASE TRY LATER
Explanation

SAF daemon only. This message indicates that Adabas SAF Security in the daemon has been unable to cleanly terminate the ENF Signal listeners in response to a SSIGTERM command. The ENF Signal listeners are asynchronous processes that were likely busy at the time of termination.

Action

Retry the SSIGTERM command at a later time.


SEFM205 *CPU identity : cpuid
Explanation

The interface component linked to Entire Net-Work displays the CPU ID of the host machine.

Action

No action is required for this informational message.


SEFM210 *SAF Gateway is active for Entire Net-Work
Explanation

The Entire Net-Work SAF Security Interface is active.

Action

No action is required for this informational message.


SEFM255 *Unauthorized use of request
Explanation

Attempted illegal use of security request.

Action

Contact your Software AG technical support representative.


Operator Command Messages (SEFM900+ Series)

The following messages are displayed in response to operator commands:

Overview of Messages

SEFM900 | SEFM901 | SEFM902 - 905 | SEFM909 | SEFM910 | SEFM911 | SEFM913 | SEFM914 | SEFM915 | SEFM916 | SEFM918 | SEFM919 | SEFM920 | SEFM921 | SEFM922 | SEFM923 | SEFM924 | SEFM928 | SEFM929 | SEFM930 | SEFM931

SEFM900 * Operator issued command: command
Explanation

Entire Net-Work SAF Security Interface (ADASAF) or the SAF Security Kernel received the operator command identified in the message.

Action

No action is required for this informational message.


SEFM901 * SAF server - General statistics (at hhhhhhhh)
* SAF Security Kernel - General statistics (at hhhhhhhh)
Explanation

The operator command for general statistics was issued. Here is an example of the statistics messages produced for the SAF server:

SEFM901 * SAF SERVER - GENERAL STATISTICS (AT hhhhhhhh)
SEFM902 * RESOURCE    CHECK(+VE) CHECH(-VE) CHECK SAVED OVERWRITES LEN
SEFM903 * APPLICATION         1          0          0           0    8
SEFM903 * ADABAS              0          0          0           0   32
SEFM903 * SYSMAIN             0          0          0           0   13
SEFM903 * SYSTEM FILE         2          0          0           0   24
SEFM903 * PROGRAM             0          0          0           0   17
SEFM903 * BROKER              0          0          0           0   32
SEFM903 * NET-WORK            0          0          0           0    0
SEFM903 * SQL SERVER          0          0          0           0    0
SEFM904 * USERS - ACTIVE: 1 FREE: 55 OVEWRITES: 0

Here is an example of the statistics messages produced for the SAF Security Kernel. The address in the first line is the address of the SAF Kernel's storage cache.

SEFM901 * SAF SECURITY KERNEL - SERVER STATISTICS (AT 12C47000)
SEFM902 * RESOURCE    CHECK(+VE) CHECH(-VE) CHECK SAVED OVERWRITES LEN
SEFM903 * APPLICATION        10          0          0           0    8
SEFM903 * DBMS CHECK          0          0          0           0   17
SEFM903 * SYSMAIN             0          0          0           0   21
SEFM903 * SYSTEM FILE         2          0          0           0   40
SEFM903 * PROGRAM             0          0          0           0   17
SEFM903 * BROKER              0          0          0           0   68
SEFM903 * NET-WORK            0          0          0           0   17
SEFM903 * SQL SERVER          0          0          0           0   32
SEFM904 * CACHED USERS:       1 HIGH WATERMARK:     1 MAX USERS:  5545
SEFM905 * OVERWRITES:         0 AUTHENTICATED:      0 DENIED:        0

Action

No action is required for this informational message.


SEFM902 - 905 statistics
Explanation

Various statistics for the SAF server and the SAF Security Kernel are displayed. See message SEFM901.

Action

No action is required for this informational message.


SEFM909 * {SAF Gateway | SAF Security Kernel} - shutdown initiated
Explanation

The operator issued a command to shut down Entire Net-Work SAF Security Interface or the daemon started task (SAF Security Kernel). This message is also issued when a secure Adabas nucleus, Net-Work node or Adabas SQL server terminates.

Action

No action is required for this informational message.


SEFM910 *{SAF Server | SAF Security Kernel} - list all active users
Explanation

The operator issued a command to display a list of currently active users.

The following is a sample of the output produced for the SAF server:

SEFM910 * SAF SERVER - LIST ALL ACTIVE USERS
SEFM911 * USERID      CHECK(+VE) CHECH(-VE) CHECK SAVED OVERWRITES BUFF
SEFM912 * K11079              3          0          0           0   0

The following is a sample of the output produced for the SAF Security Kernel:

SEFM910 * SAF GATEWAY - LIST ALL ACTIVE USERS
SEFM911 * USERID CHECK(+VE) CHECH(-VE) CHECK SAVED OVERWRITES BUFF
SEFM912 * K11079         3          0          0           0   0

Action

No action is required for this informational message.


SEFM911 *userid . . .
Explanation

The operator issued a command to display statistics specific to a currently active user.

The following is a sample of the output produced for the SAF server:

SEFM911 * NXB         CHECK(+VE) CHECH(-VE) CHECK SAVED OVERWRITES  BUFF
SEFM912 * APPLICATION         1          0          0           0    0
SEFM912 * DBMS CHECK          0          0          0           0    0
SEFM912 * SYSMAIN             0          0          0           0    0
SEFM912 * SYSTEM FILE         2          0          0           0    0
SEFM912 * PROGRAM             0          0          0           0    0
SEFM912 * BROKER              0          0          0           0    0
SEFM912 * NET-WORK            0          0          0           0    0
SEFM912 * SQL SERVER          0          0          0           0    0

The following is a sample of the output produced for the SAF Security Kernel:

SEFM911 * SJU         CHECK(+VE) CHECH(-VE) CHECK SAVED OVERWRITES  BUFF
SEFM912 * APPLICATION        10          0            0           0   10
SEFM912 * DBMS CHECK          0          0            0           0    0
SEFM912 * SYSMAIN             0          0            0           0    0
SEFM912 * SYSTEM FILE         2          0            0           0    2
SEFM912 * PROGRAM             0          0            0           0    0
SEFM912 * BROKER              0          0            0           0    0
SEFM912 * NET-WORK            0          0            0           0    0
SEFM912 * SQL SERVER          0          0            0           0    0

Action

No action is required for this informational message.


SEFM913 * No active users found in SAF {Server | Gateway | Security Kernel}
Explanation

No active users were found in Entire Net-Work SAF Security Interface (ADASAF) or in the SAF Security Kernel.

Action

No action is required for this informational message.


SEFM914 * Requested user userid not found in SAF {Server | Gateway | Security Kernel}
Explanation

The requested user was not found in the Entire Net-Work SAF Security Interface (ADASAF) or in the SAF Security Kernel.

Action

No action is required for this informational message.


SEFM915 * SAF Security Kernel - snap of server memory
Explanation

This message is issued in response to an SSNAP operator command and is followed by a sequence of SEFM916 messages.

Action

No action is required for this informational message.


SEFM916 * hhhhhhhh hhhhhhhh hhhhhhh hhhhhhhh hhhhhhhh.x..X.Y/
Explanation

This message contains the results of an SSNAP command. Each SSNAP snaps up to 256 bytes and shows the address, the hexadecimal storage contents, and the interpretation.

Action

No action is required for this informational message.


SEFM918 * Supplied address is outside of legal range
Explanation

An attempt was made to snap storage outside the bounds of the SAF Kernel's cache.


SEFM919 *Operator command did not contain required arguments
Explanation

A required parameter was omitted from an operator command. For example, SUSTAT with no userid specified.

Action

Correct the operator command and try again.


SEFM920 command1, command2, command3, and so on
Explanation

This message is issued in response to an SHELP operator command and lists the available SAF Kernel operator commands.

Action

No action is required for this informational message.


SEFM921 * Memory allocation failure - users cannot be logged off
Explanation

The SAF Kernel was unable to obtain temporary storage (approximately 16Kb) to log users off in response to an SREST, SNEWCOPY or SLOGOFF operator command.

Action

Increase the region size.


SEFM922 * User userid logged off
Explanation

This message is issued in response to an SLOGOFF operator command. The indicated user has been logged off from the security system.

Action

No action is required for this informational message.


SEFM923 * User userid not logged off - user not found
Explanation

This message is issued in response to an SLOGOFF operator command. The requested user could not be found in the SAF Kernel’s cache.

Action

Verify the correct user ID was specified.


SEFM924 * User userid not logged off - return code ZZ
Explanation

This message is issued in response to an SLOGOFF operator command. An internal error (indicated by ZZ) occurred while attempting to log the requested user off.

Action

Evaluate the return code to determine the cause of the error.


SEFM928 * Invalid trace setting - must be 0, 1, 2 or 3
Explanation

The STRACE operator command was issued with an invalid trace setting.

Action

Correct the trace setting and try again.


SEFM929 * Invalid SAF Security Kernel operator command
Explanation

An invalid SAF Security Kernel operator command was entered.

Action

Specify a valid SAF Security Kernel operator command.


SEFM930 * SIGNAL SREST INTERVAL COUNTS:
Explanation

When the ENF Signal Listener is active, this message is appended to the general statistics displayed by message SEFM901 as a result of an SSTAT or SREST command. Together with SEFM931, counts are displayed relating to the number of ENF Signal conditions which have resulted in an SREST operation being requested, since the time of the last completed SREST operation.

Action

No action is required for this informational message.


SEFM931 * QUEUE FULL: nnnnnnnn ENF-62: nnnnnnnn
* ENF-71: nnnnnnnn ENF-79: nnnnnnnn
Explanation

When the ENF Signal Listener is active, this message is appended to the general statistics displayed by message SEFM901 as a result of an SSTAT or SREST command. Counts are displayed relating to the number of ENF Signal conditions which have resulted in an SREST operation being requested, since the time of the last completed SREST operation.

QUEUE FULL

The number of times a free entry in the ENF Signal Listener Queue could not be found.

ENF-nn

The number of times the ENF Signal Listener was unable to identify the signal type nn as belonging to a specific user.

Action

No action is required for this informational message.