On Mon, 14 Feb 2011 19:22:40 -0800, Scott Ford <[email protected]> wrote:
>After reading the TSO/E manuals on IKJEFTSR I am confused on whether or not I >can call >'SEARCH CLASS(USER)' from a Cobol or Assembler program. Can someone enlighten >me ? > >I see a RC=20, RSN=60 coming back from the call, do I assume I cant call >RACF(SEARCH CLASS(USER) or did I miss something in my >understanding of how IKJEFTSR works. I did establish an environment first >IKJTSOEV ...no problem rc=0, rsn=0 .. IKJEFTSR can not run APF-authorized commands in environments established by IKJTSOEV. SEARCH is an APF-authorized command. If you want to run SEARCH from a COBOL or asssembler program then either: (a) you would need to run that program in a TSO session established by IKJEFT01 instead; or (b) you would need to run the COBOL or assembler program APF-authorized, establish the environment using IKJTSOEV, and then ATTACH the SEARCh command yourself, not using IKJEFTSR. However, a better approach would be to avoid using SEARCH from a program. Its output is not an intended programming interface. Instead, I would use the R_admin callable service and use the function that lets you extract user profile information. You'll find that documented in RACF Callable Services. -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
