> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Walt Farrell > Sent: Monday, April 25, 2011 12:06 PM > To: [email protected] > Subject: Re: Changing SMS Management Class Fails with RC 10 Reason 1C > > On Mon, 25 Apr 2011 11:25:42 -0500, McKown, John > <[email protected]> wrote: > > >Basically you cannot do what you want because the RACF id of > SANCHEZ is in > REVOKEd status. It is weird, to me, that you cannot affect a > revoked user's > datasets. But I've had it happen too many times. > > > > The point you don't seem to understand, John, is that the > check is not about > the user running the command, but about the "resource owner" > (RESOWNER) of > the data set, and the check is to determine whether that > RESOWNER is allowed > to use a particular SMS management class or storage class. > And when the > RESOWNER is a revoked user ID RACF cannot perform the check. > > You can specify, via the USE_RESOWNER parameter in > PARMLIB(IGDSMSxx) whether > it is the RESOWNER who must have authority to use management > classes and > storage classes or the user (user allocating a new data set, or > administrator using commands). By default, the system checks > the RESOWNER's > authority, and that can lead to the failures you've seen. > > -- > Walt Farrell > IBM STSM, z/OS Security Design
Thanks for the education! I'll look into what I might do about that RESOWNER thing-a-ma-bob <grin>. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
