If RLIST commands show the user or a group they are connected to in the access list, then it sounds like a SETR RACLIST(SDSF) REFRESH might not have been performed after the access list was updated.
Tom Chicklon From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Mike Shaw Sent: Friday, February 20, 2026 3:38 PM To: [email protected] Subject: Re: [EXT] SDSF ISF024I message Shelia, That helped, but only a little more info was supplied: *+ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT +ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP .ISFSPROG.SDSF Reqstor=ISFGROUP Log=NONE ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP .ISFOPER.SDSF Reqstor=ISFGROUP Log=NONE ISF051I SAF Access denied SAFRC=8 ACCESS=READ CLASS=SDSF RESOURCE=GROUP .ISFUSER.SDSF Reqstor=ISFGROUP Log=NONE * I guess I don't know what "group assignment"means; the user has read access to all three groups, according to RACF. *CLASS NAME ----- ---- SDSF GROUP.ISFSPROG.SDSF GROUP CLASS NAME ----- ----- ---- GSDSF RESOURCE GROUPS -------- ------ NONE LEVEL OWNER UNIVERSAL ACCESS YOUR ACCESS WARNING ----- -------- ---------------- ----------- ------- 00 IBMUSER READ READ NO INSTALLATION DATA ----------------- NONE APPLICATION DATA ---------------- NONE SECLEVEL -------- NO SECLEVEL CATEGORIES ---------- NO CATEGORIES SECLABEL -------- NO SECLABEL AUDITING -------- FAILURES(READ) GLOBALAUDIT ----------- NONE NOTIFY ------ NO USER TO BE NOTIFIED USER ACCESS ACCESS COUNT ---- ------ ------ ----- MAINUSR ALTER 000000 * *SYS4723 READ 000000* Mike Shaw MVS/QuickRef Support Group Chicago-Soft, Ltd. On Fri, Feb 20, 2026 at 2:12 PM Chalk, Shelia <[email protected]<mailto:[email protected]>> wrote: > Hello, > > I found all this stuff in the racf manual. > > Try this > The user will be placed into the FIRST SDSF group that they SAF READ access > > Have user signon and > tso alloc fi(isfsectw) dummy reus > then get into sdsf > look at the messages and see what profile you are missing in racf > then > tso free fi(isfsectw) > > or try this > > turn on security > /$TDEBUG,SECURITY=YES > Then try sdsf and look at the syslog > Then fix the issue > /$TDEBUG,SECURITY=NO > > Hopefully this makes sense. > > Thanks > > Shelia Chalk > Mainframe System Programmer > [email protected]<mailto:[email protected]> > > -----Original Message----- > From: IBM Mainframe Discussion List > <[email protected]<mailto:[email protected]>> On Behalf > Of Mike Shaw > Sent: Friday, February 20, 2026 10:58 AM > To: [email protected]<mailto:[email protected]> > Subject: [EXT] SDSF ISF024I message > > Please Note: This email is from an [EXTERNAL] sender. Do not click on > links or attachments unless you expect them from the sender and know the > content is safe. Please contact the Service Desk if you have any concerns > regarding this message. > > > > Everyone, > > New z/OS V3R2 system, adding new user id SYS4723. Getting this message > when new user invokes SDSF: > > *ISF024I USER SYS4723 NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT* > > but I had previously added the user to the ISFSPROG group in RACF: > > CLASS NAME > ----- ---- > SDSF GROUP.ISFSPROG.SDSF > > GROUP CLASS NAME > ----- ----- ---- > GSDSF > > ---- ------ ------ ----- > MAINUSR ALTER 000000 > SYS4723 READ 000000 > > I did a refresh of all in-storage RACF stuff after giving user READ access > to that group, to no avail. > > ISFPRM00 does have ISFSPROG group in it: > > > > > > > > > > > *GROUP NAME(ISFSPROG), /* Group name > TSOAUTH(JCL,OPER,ACCT), /* User must have JCL, OPER, ACCT ACTION(ALL), > /* All route codes displayed ACTIONBAR(YES), > /* Display the action bar on panels APPC(ON), /* Include > APPC sysout AUPDT(2), /* Minimum auto update > interval AUTH(ALL), /* All authorized functions > BROWSE(NONE), /* Browse default action character > CMDAUTH(ALL), /* Commands allowed for all jobs CMDLEV(7), > /* Authorized command level */* > * ... etc* > > I am obviously missing something...any clues are appreciated... > > Mike Shaw > MVS/QuickRef Support Group > Chicago-Soft, Ltd. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected]<mailto:[email protected]> with the > message: INFO IBM-MAIN > ======================================= This email, and any files > transmitted with it, is confidential and intended solely for the use of the > individual or entity to which it is addressed. If you have received this > email in error, please notify the system manager. This message contains > confidential information and is intended only for the individual named. If > you are not the named addressee, you should not disseminate, distribute or > copy this e-mail. Please notify the sender immediately by e-mail if you > have received this message by mistake and delete this e-mail from your > system. If you are not the intended recipient, you are notified that > disclosing, copying, distributing or taking any action in reliance on the > contents of this information is strictly prohibited. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected]<mailto:[email protected]> with > the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected]<mailto:[email protected]> with the message: INFO IBM-MAIN This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
