Re: STGADMIN.ADR.DUMP.TOLERATE.ENQF

[R.S.]

W dniu 2011-02-04 00:33, Frank Swarbrick pisze:
Interesting.
I'm not clear where this is documented, but I'll see what my RACF admin has to 
say.
Basically, I tried in our prod LPAR to backup (DUMP) a file that was currently 
open to CICS; thus the TOLERATE(ENQF).  But I could not perform it because...
ICH408I USER(DVFJS   ) GROUP(DEPT9971) NAME(FRANK SWARBRICK     )  928
   STGADMIN.ADR.DUMP.TOLERATE.ENQF CL(FACILITY)
   INSUFFICIENT ACCESS AUTHORITY
   FROM STGADMIN.ADR.** (G)
   ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )

That's quite obvious.
Some basics: resource is a string STGADMIN.ADR.DUMP.TOLERATE.ENQF
RACF db holds the profiles. In your case your RACF db has no profile 
equal to resource name, but it holds *generic* profile STGADMIN.ADR.** 
which covers required resource.
In your case this profile is to wide in scope. Your RACF admin should 
consider definition of STGADMIN.ADR.STGADMIN.** - this profile is 
powerfule and dangerous. The old profile could be defined with 
UACC(READ) which means "available to anyone".

In other words, your RACF admin unnecessarily restricted some functions.

--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 0000025237
NIP: 526-021-50-88
Wedug stanu na dzie 16.07.2010 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.248.328 zotych. 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html