Thanks Radoslaw, This shop is more complex than I realized (often the case). I’m now told RACF simply is not allowing ACLs on this set of LPARs. The ticket has been taken back from my team. Options include changing Ownership from the current Group to a similar Group, where our user is a member, and make sure all the members in the current group are included.
But we can drop this thread. I respect your time too much now that we know that all that BPX. info was bogus AI junk. (Maybe based on some truth). Thanks, Sent from [Proton Mail](https://proton.me/mail/home) for iOS On Mon, May 5, 2025 at 3:33 PM, Radoslaw Skorupka <[[email protected]](mailto:On Mon, May 5, 2025 at 3:33 PM, Radoslaw Skorupka <<a href=)> wrote: > There is no such profile like BPX.FILEATTR.PROTECT. > Regarding your problem: give us a chance. PROVIDE A DATA. > Provide the message you see. Provide file attributes. > > -- > Radoslaw Skorupka > Lodz, Poland > > W dniu 05.05.2025 o 18:30, roscoe5 pisze: >> Thanks Allan, >> I think my question is essentially looking for confirmation, disagreement, >> or clarification as to if the RACF (facility class profile?) >> BPX.FILEATTR.PROTECT essentially overrides or decides if a USS ACL is >> allowed or ignored. >> >> I’ll post in RACF list. >> >> Sent from [Proton Mail](https://proton.me/mail/home) for iOS >> >> On Mon, May 5, 2025 at 10:36 AM, Allan Staller >> <[[email protected]](mailto:On Mon, May 5, 2025 >> at 10:36 AM, Allan Staller <<a href=)> wrote: >> >>> Classification: Confidential >>> >>> Another possibility is a R/O file system. However, I believe that will give >>> you a specific message related to that specific problem specific problem >>> >>> -----Original Message----- >>> From: IBM Mainframe Discussion List<[email protected]> On Behalf Of >>> roscoe5 >>> Sent: Monday, May 5, 2025 8:31 AM >>> To:[email protected] >>> Subject: USS Security >>> >>> [CAUTION: This Email is from outside the Organization. Unless you trust the >>> sender, Don't click links or open attachments as it may be a Phishing >>> email, which can steal your Information and compromise your Computer.] >>> >>> Greetings, >>> I have a USS Security question. >>> We have a user with mid-level security, who is trying to archive and clean >>> up some daily files. >>> He successfully connects via TLS FTP and pulls the files; great. Then, in >>> this session, issues the delete; it fails. >>> Neither the files nor the Directory directly give him permission, however, >>> there is an ACL giving him full RWX permission. >>> The FTP log gives an error: Rc = 111 >>> So I went looking for a RACF error. >>> Sure enough, ICH408I ... INSUFFICIENT AUTHORITY TO UNLINK I understand that >>> the Unlink is essentially the need to Write/update the directory, and again >>> the ACL gives him full rwx access to the individual files and the directory. >>> >>> Now I'm hearing that unless he is in BPX.FILEATTR.PROTECT the ACL is not >>> allowed; it's ignored. >>> >>> Can anyone confirm, dismiss, or otherwise enlighten us on this issue? >>> >>> Thanks in advance, >>> Bob >>> > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
