On Thu, 10 Jul 2014 21:16:14 +0200, Peter Hunkeler wrote:
>Let me try to conclude this thread as it has drifted apart from the original
>question to the question whether an 8 char (MVS) userid can become valid TSO
>user (which it *cannot*).
>
>My interest was to find out why some TSO commands can be used in a *batch* job
>while others (which?) cannot when the job is running under an 8 char (MVS)
>userid?
>
>My understanding at this point is that some commands need a valid TSO control
>block structure, some don't. The latter can be used in the above environment,
>the former not.
>
>The TSO CONSOLE command seems to belong to the former category, because it
>needs the user to be authorized for TSOAUTH/CONSOLE. This check is however not
>even tried when there is not valid TSO control block structure.
>
>I assume the same is true for all TSO commands that require authorization via
>TSOAUTH class profile.
The CONSOLE command probably inspects the PSCBCNAU bit in the PSCB and fails
with "USER DOES NOT HAVE CONSOLE COMMAND AUTHORITY" if it is not set. Due to
the message "NO VALID TSO USERID, DEFAULT USER ATTRIBUTES USED", I suspect that
the user's TSOAUTH settings in RACF will be ignored, and the PSCBCNAU bit will
not be set.
It would be interesting to see what is in the 7-character PSCBUSER field in
batch when the userid is 8-characters. The following should display the first
17 bytes of the PSCB in hex. Could you run it and share the results?
//BATCH EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
TEST *(IEBGENER)
L 10.%%+4%+b4%+108% x L(17)
END
The first 7 bytes will be PSCBUSER.
The last 2 hex digits displayed will be the PSCBATR1 byte, and the rightmost
bit will be PSCBCNAU.
Bill
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
