Thanks Allan, I think my question is essentially looking for confirmation, disagreement, or clarification as to if the RACF (facility class profile?) BPX.FILEATTR.PROTECT essentially overrides or decides if a USS ACL is allowed or ignored.
I’ll post in RACF list. Sent from [Proton Mail](https://proton.me/mail/home) for iOS On Mon, May 5, 2025 at 10:36 AM, Allan Staller <[[email protected]](mailto:On Mon, May 5, 2025 at 10:36 AM, Allan Staller <<a href=)> wrote: > Classification: Confidential > > Another possibility is a R/O file system. However, I believe that will give > you a specific message related to that specific problem specific problem > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf Of > roscoe5 > Sent: Monday, May 5, 2025 8:31 AM > To: [email protected] > Subject: USS Security > > [CAUTION: This Email is from outside the Organization. Unless you trust the > sender, Don't click links or open attachments as it may be a Phishing email, > which can steal your Information and compromise your Computer.] > > Greetings, > I have a USS Security question. > We have a user with mid-level security, who is trying to archive and clean up > some daily files. > He successfully connects via TLS FTP and pulls the files; great. Then, in > this session, issues the delete; it fails. > Neither the files nor the Directory directly give him permission, however, > there is an ACL giving him full RWX permission. > The FTP log gives an error: Rc = 111 > So I went looking for a RACF error. > Sure enough, ICH408I ... INSUFFICIENT AUTHORITY TO UNLINK I understand that > the Unlink is essentially the need to Write/update the directory, and again > the ACL gives him full rwx access to the individual files and the directory. > > Now I'm hearing that unless he is in BPX.FILEATTR.PROTECT the ACL is not > allowed; it's ignored. > > Can anyone confirm, dismiss, or otherwise enlighten us on this issue? > > Thanks in advance, > Bob > > Sent from [Proton Mail](https://proton.me/mail/home) for iOS > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > [email protected] with the message: INFO IBM-MAIN > ::DISCLAIMER:: > ________________________________ > The contents of this e-mail and any attachment(s) are confidential and > intended for the named recipient(s) only. E-mail transmission is not > guaranteed to be secure or error-free as information could be intercepted, > corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses > in transmission. The e mail and its contents (with or without referred > errors) shall therefore not attach any liability on the originator or HCL or > its affiliates. Views or opinions, if any, presented in this email are solely > those of the author and may not necessarily reflect the views or opinions of > HCL or its affiliates. Any form of reproduction, dissemination, copying, > disclosure, modification, distribution and / or publication of this message > without the prior written consent of authorized representative of HCL is > strictly prohibited. If you have received this email in error please delete > it and notify the sender immediately. Before opening any email and/or > attachments, please check them for viruses and other defects. > ________________________________ > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
