In <[email protected]>, on
04/15/2013
at 12:32 PM, Larry Burch <[email protected]> said:
>However, RACF is denying me the updateability:
>ICH408I USER(SYSLMB ) GROUP(SYSPROF ) NAME(LARRY M. BURCH )
> PARMLIB CL(TSOAUTH )
> INSUFFICIENT ACCESS AUTHORITY
> ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ )
>
>and I just don't know what to do about it! I know that this isn't
>the RACF List, but I'm sure there's just a tiny little something I'm
>missing. Any advice? All of my RACF knowledge is self-taught, and
>very patch-work.
>From z/OS TSO/E Customization, A22-7783-10
5.7 Chapter 32. Customizing the PARMLIB command
The PARMLIB command lets you list and update TSO/E
specifications that are in effect on the system. Those TSO/E
specifications include tables of authorized commands and
programs, and default values for some TSO/E commands.
The CHECK function of the PARMLIB command lets you check the
syntax of any IKJTSOxx member of SYS1.PARMLIB, including
active members.
Before people at your installation can use the PARMLIB command,
you must add PARMLIB to the table of authorized commands.
Chapter 10, "Specifying authorized commands/programs, and
commands not supported in the background" in topic 3.5 describes
how to maintain and update the table.
You should also limit individual users from using the PARMLIB
command. You can limit users in one of the following ways:
� Using PARMLIB exit routine IKJPRMX1. When a user issues
PARMLIB, IKJPRMX1 can check the user ID and issue a return
code to let the user continue, to cancel the PARMLIB
command, or to invoke authority checking through RACF.
� Using RACF. You can use the RACF RDEFINE command to define
PARMLIB as a RACF resource belonging to the TSOAUTH RACF
class. Then give selected users access to the PARMLIB
resource using the RACF PERMIT command. Users who will use
the CHECK or LIST operands will require READ access to the
TSOAUTH-class PARMLIB profile; in order to use the UPDATE
operand, UPDATE access to the profile will be needed. Note
that users do NOT require a TSO segment in order to gain
access to the PARMLIB profile in the TSOAUTH class.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
