On Sun, 13 Jan 2008 20:56:13 -0600, Yan Ying <[EMAIL PROTECTED]> wrote:
> Thanks for you reply.What confused me is I can send MVS/JES2
>cmd in my rexx program and get the return msg.The pgm look like that :
>CMD = '$D SPL'
>"CONSPROF SOLDISP(NO) SOLNUM(800)"
>"CONSOLE ACTIVATE NAME(DALCMD)"
>"CONSOLE SYSCMD("||CMD||") CART('DAL001')"
>GETCODE = GETMSG('DAL1.',,'DAL001','',10)
>"CONSOLE DEACTIVATE"
> The program is sub in JCL by IKJEFT01.
> Why DB2 cmd need special auth and how to get the auth.
Apparently (as Scott indicated), DB2 wants its commands to come from a
console with system (SYS) authority. On the other hand, $D should need only
INFO authority.
Check the OPERPARM segment of the USER profile that matches the console name
you use (by default, the system uses the running user ID as the console
name). The AUTH field should say SYS or a higher value.
Additionally, make sure that you have the OPERCMDS class active, and SETR
RACLISTED (if using RACF), and that you have access to OPERCMDS resource
MVS.MCSOPER.console-name because without that access you'll only have INFO
authority regardless of what the OPERPARM segment specifies.
--
Walt Farrell, CISSP
IBM STSM, z/OS Security Design
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
