Hello,

I found all this stuff in the racf manual.

Try this
The user will be placed into the FIRST SDSF group that they SAF READ access

Have user signon  and
tso alloc fi(isfsectw) dummy reus
then get  into sdsf
look at the messages and see what profile you are missing in racf
then
tso free fi(isfsectw)

or try this

    turn on security
/$TDEBUG,SECURITY=YES
Then try sdsf and look at the syslog
Then fix the issue
/$TDEBUG,SECURITY=NO

Hopefully this makes sense.

Thanks

Shelia Chalk
Mainframe System Programmer
[email protected]

-----Original Message-----
From: IBM Mainframe Discussion List <[email protected]> On Behalf Of 
Mike Shaw
Sent: Friday, February 20, 2026 10:58 AM
To: [email protected]
Subject: [EXT] SDSF ISF024I message

Please Note: This email is from an [EXTERNAL] sender. Do not click on links or 
attachments unless you expect them from the sender and know the content is 
safe. Please contact the Service Desk if you have any concerns regarding this 
message.



Everyone,

New z/OS V3R2 system, adding new user id SYS4723. Getting this message when new 
user invokes SDSF:

*ISF024I USER SYS4723   NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT*

but I had previously added the user to the ISFSPROG group in RACF:

CLASS      NAME
-----      ----
SDSF       GROUP.ISFSPROG.SDSF

GROUP CLASS NAME
----- ----- ----
GSDSF

----      ------   ------ -----
MAINUSR   ALTER       000000
SYS4723    READ       000000

I did a refresh of all in-storage RACF stuff after giving user READ access to 
that group, to no avail.

ISFPRM00 does have ISFSPROG group in it:










*GROUP NAME(ISFSPROG),       /* Group name
TSOAUTH(JCL,OPER,ACCT),   /* User must have JCL, OPER, ACCT    ACTION(ALL),
             /* All route codes displayed         ACTIONBAR(YES),
/* Display the action bar on panels  APPC(ON),                 /* Include
APPC sysout               AUPDT(2),                 /* Minimum auto update
interval      AUTH(ALL),                /* All authorized functions
   BROWSE(NONE),             /* Browse default action character
CMDAUTH(ALL),             /* Commands allowed for all jobs     CMDLEV(7),
             /* Authorized command level    */*
*   ... etc*

I am obviously missing something...any clues are appreciated...

Mike Shaw
MVS/QuickRef Support Group
Chicago-Soft, Ltd.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
[email protected] with the message: INFO IBM-MAIN
======================================= This email, and any files transmitted 
with it, is confidential and intended solely for the use of the individual or 
entity to which it is addressed. If you have received this email in error, 
please notify the system manager. This message contains confidential 
information and is intended only for the individual named. If you are not the 
named addressee, you should not disseminate, distribute or copy this e-mail. 
Please notify the sender immediately by e-mail if you have received this 
message by mistake and delete this e-mail from your system. If you are not the 
intended recipient, you are notified that disclosing, copying, distributing or 
taking any action in reliance on the contents of this information is strictly 
prohibited.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to