I also see that a userid of *BYPASS* is supported in some circumstances. There are some notes under this in the RACROUTE manual under REQUEST=VERIFY.
Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd Web: www.rsmpartners.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Lennie Dymoke-Bradshaw Sent: 20 April 2020 20:37 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] JESSPOOL problem accessing SYSLOG Interesting. Seems to raise 2 questions. 1. Why is the 2nd qualifier "*BYPASS*"? 2. Why can you not find a profile that will match it? When I look at all the output on my system (z/OS 2.3) by setting no prefix and using the O SDF primary command, I see that the SYSLOG task is using a userid of +MASTER+. What is yours using? Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd Web: www.rsmpartners.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Lou Losee Sent: 20 April 2020 20:29 To: IBM-MAIN@LISTSERV.UA.EDU Subject: [IBM-MAIN] JESSPOOL problem accessing SYSLOG I posted this to RACF-L earlier, but have not received a response to help solve the problem so I have decided to cross-post here. I have a problem accessing the SYSLOG from SDSF on one LPAR. The problem appears to be caused by the second qualifier in the RACHECK request being *BYPASS* when it usually (on other systems/LPARs) is +MASTER+. Here is the ICH408I message I receive: ICH408I USER(THEUSER) GROUP(THEGROUP ) NAME(JOHN SMITH ) TST1JES.*BYPASS*.SYSLOG.SYSTEM.TST1 CL(JESSPOOL) PROFILE NOT FOUND - REQUIRED FOR AUTHORITY CHECKING ACCESS INTENT(READ ) ACCESS ALLOWED(NONE ) I have tried creating the following JESSPOOL profiles yet still get the same error: TST1JES.** TST1JES.%BYPASS%.SYSLOG.SYSTEM.TST1 TST1JES.*.SYSLOG.SYSTEM.TST1 Has anyone run into this before and have a solution? Right now the only ways I have found to get around it are: 1) Deactivate JESSPOOL (i.e., SETR NOCLASSACT(JESSPOOL)) 2) Setting the SDSF property SECURITY.SYSLOG.USESAFRECVR to TRUE. Lou ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
