That all depends.
I would think that in a typical RACF shop with list-of-groups enabled,
there would normally be no advantage in a user specifying an explicit
RACF group, so it is not something users would be inclined to try.
Hence, except in rare cases, and only with RACF groups that should have
very restricted usage like ARCCATGP, assuming users and their batch jobs
would be running under their default RACF group is not unwarranted (and
could be an installation standard for most users). Such default RACF
groups might reasonably be used in the ACS routines to grant some
ability a user might not otherwise have. As long as a user's default
group is not used to deny some authority, users would have no motivation
to attempt to override their default.
It is also occasionally useful to have a non default RACF group to which
only DASD admins are connected, and which alllows them to override some
normal ACS routine actions by specifying that RACF group at logon or in
batch. This gives a "privileged" user the power to do something unusual
(which might also be undesirable), but not accidentally, only after an
explicit act to enable that ability.
Joel C Ewing
On 02/07/2013 02:17 PM, Gibney, Dave wrote:
You need to also be aware that RACF List-of-groups does not apply. You get the
current group (default or as specified). Since you can't control which group a user
specifies, the use of &GROUP in ACS routines is not really very useful .
Dave Gibney
Information Technology Services
Washington State University
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
On Behalf Of Vernooij, CP - SPLXM
Sent: Wednesday, February 06, 2013 1:45 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: ACS routine based on RACF group
I don't see where you use &GROUP.
Furthermore:
X'04' X'16' X'00' X'55' Verify that SMS flags passed by the caller
match those in the FMT4 DSCB; FMT4 DSCB indicates volume is SMS-
managed, but data set is not SMS-managed.
What is the relation with &GROUP?
Kees.
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
On Behalf Of Jake anderson
Sent: Wednesday, February 06, 2013 10:24
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: ACS routine based on RACF group
Dear All,
I did create the ACS routine based on &GROUP but it doesn't seems to be
picking.
"IGD17040I ERROR IN DADSM PROCESSING ON VOLUME OLDSGP FOR DATA
SET TEST.SAMPL.JCL HISTORIC RETURN CODE IS 192 DIAGNOSTIC
INFORMATION IS 04160055 IGD306I UNEXPECTED ERROR DURING
IGGDAC02 PROCESSING RETURN CODE 4 REASON CODE 85 THE MODULE
THAT DETECTED THE ERROR IS IGDVTSDA SMS MODULE TRACE BACK -
VTSDA VTSCR SSIRT SYMPTOM RECORD CREATED, PROBLEM ID IS
IGD00001"
ACS Script :
"********************************* Top of Data
*******************************
PROC 1 STORCLAS
/**************************************************************
********/
/* STORAGE CLASS ACS ROUTINE */
/**************************************************************
********/
/**************************************************************
********/
/* DEFINE FILTER LISTS */
/**************************************************************
********/
FILTLIST SYSDSET INCLUDE (SYS%.*)
FILTLIST HLQ1 INCLUDE(TEST.**)
/**************************************************************
********/
SELECT
/**************************************************************
********/
/* EXCLUDE SYSTEM DATA SETS */
/**************************************************************
********/
WHEN (&DSN = &SYSDSET)
SET &STORCLAS = ''
/**************************************************************
********/
/* USER DATASETS */
/**************************************************************
********/
/**************************************************************
********/
WHEN (&DSN = &HLQ1 | &STORCLAS = 'USRBASE')
SET &STORCLAS = 'USRBASE'
/**************************************************************
********/
END
/**************************************************************
********/
END
********************************* Top of Data
**********************************
PROC 1 STORGRP
/**************************************************************
********/
/* STORAGE GROUP ACS ROUTINE */
/**************************************************************
********/
/**************************************************************
********/
SELECT
/**************************************************************
********/
/* USER DATAASETS */
/**************************************************************
********/
WHEN (&STORCLAS='USRBASE')
SET &STORGRP = 'USRGROUP'
/**************************************************************
********/
END
/**************************************************************
********/
END
******************************** Bottom of Data
********************************"
ACS activation went well but not sure if i am correct.
Jake
On Wed, Feb 6, 2013 at 1:10 PM, R.S. <r.skoru...@bremultibank.com.pl>
wrote:
W dniu 2013-02-06 07:19, Jake anderson pisze:
Hello,
This could be simple or Dumb question and I apologize for it :) . I
have written ACS routine based on the filtlist criteria but i am just
curious to know if it is possible to write ACS
routine(STORCLAS&STORGROUP) based on user's racf group ? Intention is
just to make sure that a user belonging to a particular RACF default
group should be mapped to a specific STORAGE group.
Any suggestions or Ideas are highly appeciated..
RTFM
"&GROUP The RACF-defined default group associated with the user, or the
group specified in the GROUP keyword on the JCL JOB statement."
--
Radoslaw Skorupka
Lodz, Poland
...
--
Joel C. Ewing, Bentonville, AR jcew...@acm.org
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
