Hal, Is the problem that the users cannot get to the SR panel, or they can't act on a message once they get there?
To get to the panel, they need READ access to SDSF class resource ISFCMD.ODSP.SR.system. If they have access, SR System Requests should show up on their SDSF Primary Option Menu when they enter SDSF. If not and they attempt to enter the SR command, they should get an ICH408I violation message. If it is not defined to RACF, ISFPARMS governs, and if they don't have access, they will only get "COMMAND NOT AUTHORIZED". If they can get to the SR panel, they will need READ access to either, or both, ISFSR.ACTION.system.jobname or ISFSR.REPLY.system.jobname in order to act on messages. If these resources are protected by RACF, and they don't have sufficient access, they will get an ICH408I message and "NOT AUTHORIZED FOR CMD". If they are not protected by RACF, ISFPARMS governs, and if they don't have access, they will only get "NOT AUTHORIZED FOR CMD". Based on what you've said, I'm guessing you defined and granted them access to ISFCMD.ODSP.SR.system but didn't define profiles for the ISFSR resources, and the ISFPARMS don't give them access. One final consideration which you've probably already thought of but just in case. If defined to RACF, is the SDSF class RACLISTed and did you do a REFRESH on the system where executed? If not, is the profile(s) protecting these SDSF resources generic and did you do a GENERIC REFRESH (or have the user logon/logoff)? Hope this helps. Happy Holidays. Regards, Bob --------------------------------------------------------------------- Robert S. Hansel | 2009 RACF Training (January - July) Lead RACF Specialist | > Intro & Basic Admin - Boston - APR 28-30 RSH Consulting, Inc. | > Audit for Results - Boston - MAY 19-21 www.rshconsulting.com | 617-969-8211 | Visit our website for registration & details --------------------------------------------------------------------- **** Register for a 2009 training seminar at 2008 prices! **** **** See website for details. **** --------------------------------------------------------------------- -----Original Message----- Date: Tue, 16 Dec 2008 11:27:11 -0600 From: Hal Merritt <[email protected]> Subject: SDSF Security My operations folks would like to use the SR panel to manage WTOR's. All of the applicable RACF profiles seem to be in place and they can issue the replies from the LOG screen. The diagnosis procedure in the FM for the error message wasn't productive. The error message returned is "Not authorized for cmd". Nothing else even though WTPMSG is in effect. Could someone fax me a clue? J Thanks. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
