Shelia,
That helped, but only a little more info was supplied:
+ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT
+ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT
ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP.ISFSPROG.SDSF Reqstor=ISFGROUP Log=NONE
ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP.ISFOPER.SDSF Reqstor=ISFGROUP Log=NONE
ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP.ISFUSER.SDSF Reqstor=ISFGROUP Log=NONE
I guess I don't know what "group assignment" means; the user has read access
to all three groups, according to RACF.
CLASS      NAME
-----      ----
SDSF       GROUP.ISFSPROG.SDSF

GROUP CLASS NAME
----- ----- ----
GSDSF

RESOURCE GROUPS
-------- ------
NONE

LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING
-----  --------   ----------------  -----------  -------
 00    IBMUSER         READ             READ       NO

INSTALLATION DATA
-----------------
NONE

APPLICATION DATA
----------------
NONE

SECLEVEL
--------
NO SECLEVEL

CATEGORIES
----------
NO CATEGORIES

SECLABEL
--------
NO SECLABEL

AUDITING
--------
FAILURES(READ)

GLOBALAUDIT
-----------
NONE

NOTIFY
------
NO USER TO BE NOTIFIED

USER      ACCESS   ACCESS COUNT
----      ------   ------ -----
MAINUSR   ALTER       000000
SYS4723   READ        000000
Mike Shaw
MVS/QuickRef Support Group
Chicago-Soft, Ltd.
On Fri, Feb 20, 2026 at 2:12 PM Chalk, Shelia <[email protected]> wrote:
> Hello,
>
> I found all this stuff in the racf manual.
>
> Try this
> The user will be placed into the FIRST SDSF group that they have SAF READ access to
>
> Have user signon and
> tso alloc fi(isfsectw) dummy reus
> then get into sdsf
> look at the messages and see what profile you are missing in racf
> then
> tso free fi(isfsectw)
>
> or try this
>
> turn on security
> /$TDEBUG,SECURITY=YES
> Then try sdsf and look at the syslog
> Then fix the issue
> /$TDEBUG,SECURITY=NO
>
> Hopefully this makes sense.
>
> Thanks
>
> Shelia Chalk
> Mainframe System Programmer
> [email protected]
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <[email protected]> On Behalf
> Of Mike Shaw
> Sent: Friday, February 20, 2026 10:58 AM
> To: [email protected]
> Subject: [EXT] SDSF ISF024I message
>
> Everyone,
>
> New z/OS V3R2 system, adding new user id SYS4723. Getting this message
> when new user invokes SDSF:
>
> *ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT*
>
> but I had previously added the user to the ISFSPROG group in RACF:
>
> CLASS NAME
> ----- ----
> SDSF GROUP.ISFSPROG.SDSF
>
> GROUP CLASS NAME
> ----- ----- ----
> GSDSF
>
> ---- ------ ------ -----
> MAINUSR ALTER 000000
> SYS4723 READ 000000
>
> I did a refresh of all in-storage RACF stuff after giving user READ access
> to that group, to no avail.
>
> ISFPRM00 does have ISFSPROG group in it:
>
> GROUP NAME(ISFSPROG),       /* Group name
>   TSOAUTH(JCL,OPER,ACCT),   /* User must have JCL, OPER, ACCT
>   ACTION(ALL),              /* All route codes displayed
>   ACTIONBAR(YES),           /* Display the action bar on panels
>   APPC(ON),                 /* Include APPC sysout
>   AUPDT(2),                 /* Minimum auto update interval
>   AUTH(ALL),                /* All authorized functions
>   BROWSE(NONE),             /* Browse default action character
>   CMDAUTH(ALL),             /* Commands allowed for all jobs
>   CMDLEV(7),                /* Authorized command level */
>   ... etc
>
> I am obviously missing something...any clues are appreciated...
>
> Mike Shaw
> MVS/QuickRef Support Group
> Chicago-Soft, Ltd.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to [email protected] with the message: INFO IBM-MAIN
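
Added example, not part of the thread or of any poster's code: a small Python parser for the ISF024I and ISF051I messages discussed in this thread. It rejoins messages that a console or mail client has wrapped in the middle of the RESOURCE= value and lists the SAF checks that were denied, so the profiles to review in RACF can be read off directly. The sample text is constructed from the messages quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample: the messages quoted in this thread, wrapped inside RESOURCE=.
SAMPLE = """\
+ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT
ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP
.ISFSPROG.SDSF Reqstor=ISFGROUP Log=NONE
ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP
.ISFOPER.SDSF Reqstor=ISFGROUP Log=NONE
ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP
.ISFUSER.SDSF Reqstor=ISFGROUP Log=NONE
"""

MSG_START = re.compile(r"^[*+ ]*ISF\d{3}[A-Z]\b")
KEYVAL = re.compile(r"(\w+)=(\S+)")
NO_GROUP = re.compile(r"ISF024I USER (\S+) NOT AUTHORIZED TO SDSF")


def unwrap(text):
    """Rejoin wrapped messages; a line without a message id continues the previous one."""
    msgs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if MSG_START.match(line) or not msgs:
            msgs.append(line.lstrip("*+ "))
        else:
            # The wrap can fall inside a token (RESOURCE=GROUP / .ISFSPROG.SDSF),
            # so glue without a space when the continuation starts with '.'.
            msgs[-1] += ("" if line.startswith(".") else " ") + line
    return msgs


def denied_group_checks(text):
    """Return (users refused a group, denied SAF checks as keyword dicts)."""
    users, denials = [], []
    for msg in unwrap(text):
        m = NO_GROUP.search(msg)
        if m:
            if m.group(1) not in users:
                users.append(m.group(1))
        elif msg.startswith("ISF051I") and "denied" in msg:
            denials.append(dict(KEYVAL.findall(msg)))
    return users, denials


def profiles_to_review(text):
    """(class, profile, access) for each denied check with Reqstor=ISFGROUP, in log order."""
    return [(d["CLASS"], d["RESOURCE"], d["ACCESS"])
            for d in denied_group_checks(text)[1] if d.get("Reqstor") == "ISFGROUP"]
```
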