Are you referring to the ISFPRM00 parmlib member?
The ISFOPER group starts off like this:
GROUP NAME(ISFOPER),/* Group name */
TSOAUTH(JCL,OPER), /* User must have JCL and OPER */
ACTION(ALL),/* All route codes displayed
On Wed, 26 Mar 2008 08:25:04 -0500, Rich Smrcina [EMAIL PROTECTED] wrote:
Are you referring to the ISFPRM00 parmlib member?
The ISFOPER group starts off like this:
GROUP NAME(ISFOPER),/* Group name */
TSOAUTH(JCL,OPER), /* User must have JCL and OPER
In [EMAIL PROTECTED], on 03/24/2008
at 03:30 PM, Rich Smrcina [EMAIL PROTECTED] said:
I read sdsf. for the output. This essentially works, the problem is
that when I run this in batch I only see myself. If I run this in TSO I
can see all of the executing jobs on the system.
Compare your
: Tuesday, March 25, 2008 1:20 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
In TSO, I get this from the WHO command on the P390 user:
USERID=P390,PROC=DBSPROC,TERMINAL=LCL701,GRPINDEX=2,GRPNAME=ISFOPER,
MVS=z/OS 01.04.00,JES2=z/OS 1.4,SDSF=HQX7707,ISPF=5.2,RMF/DA=NOTACC
Mark Zelden wrote:
But I see 2 problems:
1) That still won't get you to fall into the ISFOPER group since it
has TSOAUTH(JCL,OPER) and batch only gets TSOAUTH(JCL). Did you
read my post from yesterday on this?
Yes, I didn't have the ability to respond to all of the emails yesterday
and I
Rick,
I don't believe you have a security issue. It has been a while, but I tend to
remember having to use OWNER with no operand in order to see all the jobs
on the system (not just my own) when running SDSF in batch. Please feed
that into ISFIN on in.1 with DA on in.2 and in.0 set to 2. Let
Hank,
I tried this...
in.2 = DA
in.1 = OWNER
in.0 = 2
execio * diskw isfin (STEM IN. finis)
address linkmvs SDSF
execio * diskr isfout (STEM SDSF. finis)
FREE F(ISFIN ISFOUT)
And got the same output.
Thanks for the response. Any other ideas?
Hank Medler wrote:
Rick,
I don't believe you
, 2008 1:44 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
Hank,
I tried this...
in.2 = DA
in.1 = OWNER
in.0 = 2
execio * diskw isfin (STEM IN. finis)
address linkmvs SDSF
execio * diskr isfout (STEM SDSF. finis)
FREE F(ISFIN ISFOUT)
And got the same output.
Thanks
Of Rich
Smrcina
Sent: Tuesday, March 25, 2008 1:44 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
Hank,
I tried this...
in.2 = DA
in.1 = OWNER
in.0 = 2
execio * diskw isfin (STEM IN. finis)
address linkmvs SDSF
execio * diskr isfout (STEM SDSF. finis)
FREE F(ISFIN ISFOUT
: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Rich
Smrcina
Sent: Tuesday, March 25, 2008 1:44 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
Hank,
I tried this...
in.2 = DA
in.1 = OWNER
in.0 = 2
execio * diskw isfin (STEM IN. finis)
address linkmvs
Your previous response also asked for the WHO output, here it is.
USERID=P390,PROC=BATCH,TERMINAL=BATCH,GRPINDEX=3,GRPNAME=ISFUSER,MVS=z/OS
01.04
RMF/DA=NOTACC,SERVER=YES,SERVERNAME=SDSF,JESNAME=JES2,MEMBER=SYS1,SYSNAME=P390,
Are PREFIX and SET DISPLAY commands entered by themselves (like
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
Your previous response also asked for the WHO output, here it is.
USERID=P390,PROC=BATCH,TERMINAL=BATCH,GRPINDEX=3,GRPNAME=ISFUSER,MVS=z/OS
01.04
RMF/DA=NOTACC,SERVER=YES,SERVERNAME=SDSF,JESNAME=JES2,MEMBER=SYS1,SYSNAME=P390
I tried PREFIX and I get COMMAND NOT AUTHORIZED.
גדי בן אבי wrote:
Yes,
The PREFIX and SET DISPLAY command are entered by themselves
I thing the PREFIX command is the actual command your are missing.
Gadi
--
Rich Smrcina
VM Assist, Inc.
Phone: 414-491-6001
Ans Service: 360-715-2467
The you have to change your security settings either is ISFPARMS or RACF.
Gadi
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Rich
Smrcina
Sent: Tuesday, March 25, 2008 3:35 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security
That was actually part of the original post.
I added:
ILPROC(BATCH),
to:
GROUP NAME(ISFSPROG), in ISFPRM00. I also have this entry below:
NTBL NAME(BATCH)
NTBLENT STRING(BATCH),OFFSET(1)
To catch the PROC name BATCH when my job runs and authorize it as a
ISFSPROG TSO User instead of
And see if the PREFIX is set to * for all names.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of ??? ?? ???
Sent: Tuesday, March 25, 2008 7:07 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
1. Issue the OWNER command
] On
Behalf Of ??? ?? ???
Sent: Tuesday, March 25, 2008 7:07 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
1. Issue the OWNER command before the DA command
2. Issue the WHO command. This will tell you many settings, and might
help explain the problem.
Gadi
--
Rich Smrcina
VM
in.2 = DA OJOB
perhaps?
Regards,
Ulrich Krueger
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Rich Smrcina
Sent: Tuesday, March 25, 2008 04:44
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
Hank,
I tried this...
in.2
Now I don't even appear on the list (the list is empty). :(
Ulrich Krueger wrote:
in.2 = DA OJOB
perhaps?
Regards,
Ulrich Krueger
--
Rich Smrcina
VM Assist, Inc.
Phone: 414-491-6001
Ans Service: 360-715-2467
rich.smrcina at vmassist.com
http://www.linkedin.com/in/richsmrcina
Catch the
On 25 Mar 2008 06:37:16 -0700, in bit.listserv.ibm-main
(Message-ID:[EMAIL PROTECTED])
[EMAIL PROTECTED] (Rich Smrcina) wrote:
I tried PREFIX and I get COMMAND NOT AUTHORIZED.
You had given us the output of the WHO command in
batch, but you never showed us the output from what you
On Tue, 25 Mar 2008 11:47:07 -0500, Arthur T. [EMAIL PROTECTED] wrote:
Many years back I found out that the userid used to
search the SDSF tables is *not* the RACF userid when done
from batch. Instead, it's the
jobname-minus-last-character. I had opened a PMR; I forget
details of the
On Tue, 25 Mar 2008 12:08:37 -0500, Mark Zelden [EMAIL PROTECTED]
wrote:
On Tue, 25 Mar 2008 11:47:07 -0500, Arthur T. [EMAIL PROTECTED] wrote:
Many years back I found out that the userid used to
search the SDSF tables is *not* the RACF userid when done
from batch. Instead, it's the
In TSO, I get this from the WHO command on the P390 user:
USERID=P390,PROC=DBSPROC,TERMINAL=LCL701,GRPINDEX=2,GRPNAME=ISFOPER,
MVS=z/OS 01.04.00,JES2=z/OS 1.4,SDSF=HQX7707,ISPF=5.2,RMF/DA=NOTACC,
and from batch:
USERID=P390,PROC=BATCH,TERMINAL=BATCH,GRPINDEX=3,GRPNAME=ISFUSER,MVS=z/OS
01.04
, 2008 3:20 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: More SDSF security questions
In TSO, I get this from the WHO command on the P390 user:
USERID=P390,PROC=DBSPROC,TERMINAL=LCL701,GRPINDEX=2,GRPNAME=ISFOPER,
MVS=z/OS 01.04.00,JES2=z/OS 1.4,SDSF=HQX7707,ISPF=5.2,RMF/DA=NOTACC,
and from batch
I'm trying to override an existing definition. can I not do that? Do I
need to create my own?
Mark Zelden wrote:
The biggest problem I have found with batch is that many shops have
SDSF security set up (from the default/sample parms) based on TSO
authorities (JCL, OPER, ACCT) and TSOAUTH is
I'm not sure I understand the question. If you are using parms similar to
hlq.SISFJCL(ISFPRM00) and want to do something in batch based on userid,
then you will have to add the group prior to the groups defined in those
parms (or at least prior to the ISFUSER group) since the first match is what
With last weeks SDSF security questions, I have to chime in with my
issue
I'm submitting an SDSF DA command via REXX in batch:
ALLOC F(ISFOUT) RECFM(F B A) LRECL(121) NEW UNIT(VIO) ,
DELETE CYLINDERS SPACE(1,1) REUSE DSORG(PS)
ALLOC F(ISFIN) RECFM(F B) LRECL(80) NEW UNIT(VIO) ,
27 matches
Mail list logo