Hi,
A long, long time ago, in another century, I asked a colleague of mine to
write an assembler program to do just that. It resides on a LINKLIB PDS,
and it is not APF authorized. I have been using it ever since, without
recompiling, since OS/390 1.1 up to z/OS 4.2. (I Have not tried it on a
more recent z/OS).
It is used like this:
class="FACILITY"
profile="BPX.SUPERUSER"
parse value checkaut(class,profile),
with 1 rk1 3 rk2 5 rk3 7 .
if (rk1=00 & rk2=20 &rk3>=0) then
do
say "you do not have that access"
end
RK1 and RK2 has to have those values (SAF standard return codes for
existing profiles). RK3 has the RACF level access, zero for none, four for
READ, etc.
If anyone is interested I can send you the source code.
Regards,
Jack
On Tue, 17 Jan 2023 at 21:44, Farley, Peter <
0000031df298a9da-dmarc-requ...@listserv.ua.edu> wrote:
> I don't know about Cameron, but I would be interested in a way to ask RACF
> (or TSS if possible) from Rexx whether I have read access to a DSN.
>
> Is that possible for a non-authorized "ordinary" user, or is that road the
> kind that is normally blocked to prevent "insider snooping"?
>
> If you posted here about it previously, can you pinpoint the date (or at
> least the year and month) so one could effectively search the IBM-MAIN
> archives?
>
> Peter
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf
> Of Bob Bridges
> Sent: Tuesday, January 17, 2023 4:35 PM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: Re: REXX Question
>
> EXTERNAL EMAIL
>
> If it works, great. But since I was all primed to offer another kind of
> solution, I'm remembering an explanation I sent once about how to ask RACF
> (and I take it from your symptoms that you are running RACF) whether you
> have READ access to a particular dataset. It seems to me it can be adapted
> to check whether you have UPDATE access. It's more complicated than the
> below, but if you're interested....
>
> ---
> Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
>
> /* When I was ten, I read fairy tales in secret and would have been
> ashamed if I had been found doing so. Now that I am fifty I read them
> openly. When I became a man I put away childish things, including the fear
> of childishness and the desire to be very grown up. -C.S. Lewis */
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf
> Of Cameron Conacher
> Sent: Tuesday, January 17, 2023 15:41
>
> Thank you.
> This looks like just what I needed.
> Appreciate the assistance.
>
> ---
> From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf
> Of Seymour J Metz
> Sent: Tuesday, January 17, 2023 3:03 PM
>
> Did you try CONTROL ERRORS RETURN?
>
> ________________________________________
> From: Cameron Conacher
> Sent: Tuesday, January 17, 2023 2:48 PM
>
> I have some REXX statements that use LMCOPY to copy members from one
> library to another.
> This is pretty straight forward stuff.
> Recently, I ran into a situation where I was not authorized to access the
> output library.
> And when the REXX ran, it ABENDed with a 913 error message.
> My REXX checks the return code value from the LMCOPY, but apparently, the
> LMCOPY does not return. I can't seem to trap the not authorized error, and
> generate a polite message for the JOB.
>
> After issuing the LMCOPY command, I check, and if the return code is not
> one of 0, 8, or 12 I generate an error message.
> On the other hand
> if it is zero I generate a success message if it is 8 I generate a success
> message if it is 12 I generate a message indicating I did not replace the
> member in the target library because the member already existed and the
> REPLACE flag was not set.
>
> The other return codes documented for LMCOPY are
> 16 = TRUNCATION Error
> 20 = Sever Error; unable to continue.
>
> I was kind of expecting to see the LMCOPY return set as 20.
> Is there something I can set to trap the 913 (Not Authorized error) ?
> I can live with what I have. I was just looking to polish things up a
> little bit.
>
> I wanted to send out a message that literally says "You do not have the
> authority to access Library ..... Please reach out to the Security team
> at... and have them authorize your RACF ID. Then restart this JOB at
> step.... If you have additional questions, please see ....."
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
> This message and any attachments are intended only for the use of the
> addressee and may contain information that is privileged and confidential.
> If the reader of the message is not the intended recipient or an authorized
> representative of the intended recipient, you are hereby notified that any
> dissemination of this communication is strictly prohibited. If you have
> received this communication in error, please notify us immediately by
> e-mail and delete the message and any attachments from your system.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
