In a message dated 7/1/2006 7:21:51 P.M. Central Standard Time, [EMAIL PROTECTED] writes:
Running ADCD 1.6 using TSO userid IBMUSER. What must I do to give this userid authority to execute TSO command PARMLIB? I thought IBMUSER had authority to do everything. Is there another userid that will have more authority than >> Customarily IBMUSER has authority to ALTER most datasets and profiles. Are you seeing any ICH messages in syslog? Is PARMLIB authorized? Here's the verbiage from the TSO/E Customization Manual 5.7 Chapter 31. Customizing the PARMLIB Command The PARMLIB command lets you list and update TSO/E specifications that are in effect on the system. Those TSO/E specifications include tables of authorized commands and programs, and default values for some TSO/E commands. The CHECK function of the PARMLIB command lets you check the syntax of any IKJTSOxx member of SYS1.PARMLIB, including active members. Before people at your installation can use the PARMLIB command, you must add PARMLIB to the table of authorized commands. _Chapter 10, "Specifying_ (http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ikj4b450/3.5?SHELF=IKJ4BK 50&DT=20040623101959#HDRPAUL) _Authorized Commands/Programs, and Commands Not Supported in the_ (http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ikj4b450/3.5?SHELF=IKJ4BK50&DT=20040623101959#HDRPAUL) _Background" in topic 3.5_ (http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/ikj4b450/3.5?SHELF=IKJ4BK50&DT=20040623101959#HDRPAUL) describes how to maintain and update the table. You should also limit individual users from using the PARMLIB command. You can limit users in one of the following ways: * Using PARMLIB exit routine IKJPRMX1. When a user issues PARMLIB, IKJPRMX1 can check the user ID and issue a return code to let the user continue, to cancel the PARMLIB command, or to invoke authority checking through RACF. Using RACF. You can use the RACF RDEFINE command to define PARMLIB as a RACF resource belonging to the TSOAUTH RACF class. Then give selected users access to the PARMLIB resource using the RACF PERMIT command. Users who will use the CHECK or LIST operands will require READ access to the TSOAUTH-class PARMLIB profile; in order to use the UPDATE operand, UPDATE access to the profile will be needed. Note that users do NOT require a TSO segment in order to gain access to the PARMLIB profile in the TSOAUTH class. In addition to controlling access to the PARMLIB command, you can customize the PARMLIB command by writing exits to tailor or monitor its processing. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
