Good suggestions on the trace. Could one just put RACF in warn mode, try the command and determine what is causing the command to fail?

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Pinnacle
Sent: Tuesday, December 16, 2008 1:21 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: SDSF Security

----- Original Message -----
From: "Hal Merritt" <hmerr...@jackhenry.com>
Newsgroups: bit.listserv.ibm-main
Sent: Tuesday, December 16, 2008 12:28 PM
Subject: SDSF Security

> My operations folks would like to use the SR panel to manage WTOR's. All
> of the applicable RACF profiles seem to be in place and they can issue
> the replies from the LOG screen.
>
> The error message returned is "Not authorized for cmd". Nothing else
> even though WTPMSG is in effect.
>

Hal,

SDSF does so many RACROUTEs that it suppresses nearly all ICH408I messages for security failures. To fix this, you need to turn on the SDSF security trace (I forget the details, RTFM), run your command, turn off the trace, then look at the output. It will show you the RACROUTE call, the resource, and the return codes, so you can code up the proper PERMIT.

Regards,
Tom Conley

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html