Shelia,

That helped, but only a little more info was supplied:








*+ISF024I USER SYS4723   NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT
  +ISF024I USER SYS4723   NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT
  ISF051I SAF Access denied  SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP
  .ISFSPROG.SDSF Reqstor=ISFGROUP Log=NONE
  ISF051I SAF Access denied  SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP
  .ISFOPER.SDSF Reqstor=ISFGROUP Log=NONE
 ISF051I SAF Access denied  SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP
.ISFUSER.SDSF Reqstor=ISFGROUP Log=NONE   *

I guess I don't know what "group assignment"means; the user has read access
to all three groups, according to RACF.


















































*CLASS      NAME                                               -----
 ----                                               SDSF
GROUP.ISFSPROG.SDSF
                                      GROUP CLASS NAME
                         ----- ----- ----
           GSDSF
                                                            RESOURCE GROUPS
                                              -------- ------
                                NONE

      LEVEL  OWNER      UNIVERSAL ACCESS  YOUR ACCESS  WARNING      -----
 --------   ----------------  -----------  -------       00    IBMUSER
    READ               READ    NO
                              INSTALLATION DATA
                -----------------
  NONE
                                                  APPLICATION DATA
                                     ----------------
                       NONE

SECLEVEL                                                      --------
                                                 NO SECLEVEL

                      CATEGORIES
         ----------                                                    NO
CATEGORIES
                                              SECLABEL
                                 --------
                   NO SECLABEL

AUDITING                                                      --------
                                                 FAILURES(READ)

                      GLOBALAUDIT
        -----------                                                   NONE

                                            NOTIFY
                               ------
                 NO USER TO BE NOTIFIED
                                                                 USER
 ACCESS   ACCESS COUNT                               ----      ------
------ -----                               MAINUSR    ALTER       000000
     *
*SYS4723    READ        000000*

Mike Shaw
MVS/QuickRef Support Group
Chicago-Soft, Ltd.


On Fri, Feb 20, 2026 at 2:12 PM Chalk, Shelia <[email protected]> wrote:

> Hello,
>
> I found all this stuff in the racf manual.
>
> Try this
> The user will be placed into the FIRST SDSF group that they SAF READ access
>
> Have user signon  and
> tso alloc fi(isfsectw) dummy reus
> then get  into sdsf
> look at the messages and see what profile you are missing in racf
> then
> tso free fi(isfsectw)
>
> or try this
>
>     turn on security
> /$TDEBUG,SECURITY=YES
> Then try sdsf and look at the syslog
> Then fix the issue
> /$TDEBUG,SECURITY=NO
>
> Hopefully this makes sense.
>
> Thanks
>
> Shelia Chalk
> Mainframe System Programmer
> [email protected]
>
> -----Original Message-----
> From: IBM Mainframe Discussion List <[email protected]> On Behalf
> Of Mike Shaw
> Sent: Friday, February 20, 2026 10:58 AM
> To: [email protected]
> Subject: [EXT] SDSF ISF024I message
>
> Please Note: This email is from an [EXTERNAL] sender. Do not click on
> links or attachments unless you expect them from the sender and know the
> content is safe. Please contact the Service Desk if you have any concerns
> regarding this message.
>
>
>
> Everyone,
>
> New z/OS V3R2 system, adding new user id SYS4723. Getting this message
> when new user invokes SDSF:
>
> *ISF024I USER SYS4723   NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT*
>
> but I had previously added the user to the ISFSPROG group in RACF:
>
> CLASS      NAME
> -----      ----
> SDSF       GROUP.ISFSPROG.SDSF
>
> GROUP CLASS NAME
> ----- ----- ----
> GSDSF
>
> ----      ------   ------ -----
> MAINUSR   ALTER       000000
> SYS4723    READ       000000
>
> I did a refresh of all in-storage RACF stuff after giving user READ access
> to that group, to no avail.
>
> ISFPRM00 does have ISFSPROG group in it:
>
>
>
>
>
>
>
>
>
>
> *GROUP NAME(ISFSPROG),       /* Group name
> TSOAUTH(JCL,OPER,ACCT),   /* User must have JCL, OPER, ACCT    ACTION(ALL),
>              /* All route codes displayed         ACTIONBAR(YES),
> /* Display the action bar on panels  APPC(ON),                 /* Include
> APPC sysout               AUPDT(2),                 /* Minimum auto update
> interval      AUTH(ALL),                /* All authorized functions
>    BROWSE(NONE),             /* Browse default action character
> CMDAUTH(ALL),             /* Commands allowed for all jobs     CMDLEV(7),
>              /* Authorized command level    */*
> *   ... etc*
>
> I am obviously missing something...any clues are appreciated...
>
> Mike Shaw
> MVS/QuickRef Support Group
> Chicago-Soft, Ltd.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions, send email
> to [email protected] with the message: INFO IBM-MAIN
> ======================================= This email, and any files
> transmitted with it, is confidential and intended solely for the use of the
> individual or entity to which it is addressed. If you have received this
> email in error, please notify the system manager. This message contains
> confidential information and is intended only for the individual named. If
> you are not the named addressee, you should not disseminate, distribute or
> copy this e-mail. Please notify the sender immediately by e-mail if you
> have received this message by mistake and delete this e-mail from your
> system. If you are not the intended recipient, you are notified that
> disclosing, copying, distributing or taking any action in reliance on the
> contents of this information is strictly prohibited.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to