How is the "ADDUSER/AU" being invoked? If in batch TSO as a TSO
command it should only require RACF SPECIAL authority by the invoking
userid (and correct definition to TSO of RACF authorized commands).
Unless program access is specifically disallowed by PROGRAM profiles, I
would have thought EXECUTE dsn access would be sufficient as long as it
is loaded via LINKLST. If it is being invoked from some script as
'SYS1.LINKLIB(ADDUSER)' that is a different issue, as that syntax says
you are potentially invoking something not in LINKLST; and since ADDUSER
is a TSO command processor, it really shouldn't be invoked that way.
JC Ewing
On 07/07/2012 01:42 PM, Scott Ford wrote:
Craig,
Here is the problem in a nutshell. Customer has a z/os 1.11 environment. The
term used fo the security environment was hardened. But the customer doesn't
know their security environment, no documentation, etc. So, we are trying to
determine what is causing the s306-30 abend. What RACF commands we can use to
determine what is or isn't required for product installation.
I need some suggestions...any help is appreciated.
Scott ford
www.identityforge.com
On Jul 6, 2012, at 5:15 PM, [email protected] wrote:
Not always, Here is the ABEND 306-30 documentation.
The user attempted to use a controlled program but is not
authorized by RACF to use that program. This can occur when a
user has EXECUTE access to a program library's data set profile,
even if none of the program modules involved are RACF program
protected. Have the system security administrator grant you READ
access to the data set profile instead.
Thanks,
Craig
From: Scott Ford <[email protected]>
To: [email protected]
Date: 07/06/2012 15:34
Subject: RACF question
Sent by: IBM Mainframe Discussion List <[email protected]>
All,
I have a question, I have a customer receiving a csv0025i abends306-30 on
a adduser.
Shouldn't we be seeing a ich408i message ?
Scott ford
www.identityforge.com
----------------------------------------------------------------------
--
Joel C. Ewing, Bentonville, AR [email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
