Sorry all, The entire BPX… part is apparently a figment of an AI’s imagination. When pushed, it admitted that it extrapolated something into a false existence.
I still don’t know why the ACL doesn’t work, but I want to close this thread with apologies. Sorry for wasting your time. Sent from [Proton Mail](https://proton.me/mail/home) for iOS On Mon, May 5, 2025 at 12:31 PM, roscoe5 <[[email protected]](mailto:On Mon, May 5, 2025 at 12:31 PM, roscoe5 <<a href=)> wrote: > Thanks Allan, > I think my question is essentially looking for confirmation, disagreement, or > clarification as to if the RACF (facility class profile?) > BPX.FILEATTR.PROTECT essentially overrides or decides if a USS ACL is allowed > or ignored. > > I’ll post in RACF list. > > Sent from [Proton Mail](https://proton.me/mail/home) for iOS > > On Mon, May 5, 2025 at 10:36 AM, Allan Staller > <[[email protected]](mailto:On Mon, May 5, 2025 > at 10:36 AM, Allan Staller <<a href=)> wrote: > >> Classification: Confidential >> >> Another possibility is a R/O file system. However, I believe that will give >> you a specific message related to that specific problem specific problem >> >> -----Original Message----- >> From: IBM Mainframe Discussion List <[email protected]> On Behalf Of >> roscoe5 >> Sent: Monday, May 5, 2025 8:31 AM >> To: [email protected] >> Subject: USS Security >> >> [CAUTION: This Email is from outside the Organization. Unless you trust the >> sender, Don't click links or open attachments as it may be a Phishing email, >> which can steal your Information and compromise your Computer.] >> >> Greetings, >> I have a USS Security question. >> We have a user with mid-level security, who is trying to archive and clean >> up some daily files. >> He successfully connects via TLS FTP and pulls the files; great. Then, in >> this session, issues the delete; it fails. >> Neither the files nor the Directory directly give him permission, however, >> there is an ACL giving him full RWX permission. >> The FTP log gives an error: Rc = 111 >> So I went looking for a RACF error. >> Sure enough, ICH408I ... INSUFFICIENT AUTHORITY TO UNLINK I understand that >> the Unlink is essentially the need to Write/update the directory, and again >> the ACL gives him full rwx access to the individual files and the directory. >> >> Now I'm hearing that unless he is in BPX.FILEATTR.PROTECT the ACL is not >> allowed; it's ignored. >> >> Can anyone confirm, dismiss, or otherwise enlighten us on this issue? >> >> Thanks in advance, >> Bob >> >> Sent from [Proton Mail](https://proton.me/mail/home) for iOS >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, send email >> to [email protected] with the message: INFO IBM-MAIN >> ::DISCLAIMER:: >> ________________________________ >> The contents of this e-mail and any attachment(s) are confidential and >> intended for the named recipient(s) only. E-mail transmission is not >> guaranteed to be secure or error-free as information could be intercepted, >> corrupted, lost, destroyed, arrive late or incomplete, or may contain >> viruses in transmission. The e mail and its contents (with or without >> referred errors) shall therefore not attach any liability on the originator >> or HCL or its affiliates. Views or opinions, if any, presented in this email >> are solely those of the author and may not necessarily reflect the views or >> opinions of HCL or its affiliates. Any form of reproduction, dissemination, >> copying, disclosure, modification, distribution and / or publication of this >> message without the prior written consent of authorized representative of >> HCL is strictly prohibited. If you have received this email in error please >> delete it and notify the sender immediately. Before opening any email and/or >> attachments, please check them for viruses and other defects. >> ________________________________ >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
