Jesse 1 Robinson wrote: >In particular I'm getting a RACF error starting the second z/OSMF task >IZUSVR1.
I can't help with z/OSMF even while we're now on 2.1, but that is on my radar screen for future exploitation... >I get this: >ICH408I USER(IZUSVR ) GROUP(IZUADMIN) NAME(ZOSMF STARTED TASK U) > /var/zosmf/configuration/configuration_planned.cfg > CL(DIRACC ) FID(C2E2F3F0F0F605710000000000020001) > INSUFFICIENT AUTHORITY TO OPEN > ACCESS INTENT(-W-) ACCESS ALLOWED(OTHER ---) > EFFECTIVE UID(0000900700) EFFECTIVE GID(0000900698) Bob Young gave you a great reply! Thanks Bob! You can do this command too to see what accesses are defined for this file: ls -l /var/zosmf/configuration/configuration_planned.cfg And also issue ls -l for each of the directories from the top down to the last folder. You need to check all accesses for all folders and files and see to what group(s) that id IZUSVR is connected to. >IIRC DIRACC is phantom error because there is no such class. Something is >defined wrong. This is one of the classes which you can't define a profile. You use DIRACC amongst other classes to do auditing on OMVS. >The ZFS containing /var/zosmf/ is 'SPP.IZU.ZFS', covered by RACF profile >'SPP.IZU.ZFS*'. Group IZUADMIN has ALTER access to this profile. Dataset profile covering that dataset does NOT cover the OMVS files INSIDE that dataset. ALTER to dataset means nothing for the OMVS contents *inside* that dataset. >I'm a total bumbler when it comes to USS authorization. What else do I need to >look at? You're not alone. RACF-L and IBM-MAIN are full of such posts were RACF and OMVS are confused simply because the message is prefixed by ICH408. >P.S. cannot post to RACF-L because the confirmation email for my current >sce.com userid gets blocked by corporate policy (Sender field is blank as if >spam). Use the web page interface (of course, your company better not block that too) to post your messages. This is what I use for all the discussion lists. Simply because I want to keep my Inbox 'clean' and to bypass any e-mail limits. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
