Elardus Engelbrecht wrote

>Do you need RELEASE=1.9

I had provided it but removed it from the post.

>Where is R10 pointing? Hopefully to an area which you GETMAINed and populated
>previously.

Yes, the coding was also removed from the posting

>What happens if you run your STC? Do you see any messages?

Have not added this code to an STC, I am trying to get my User id to work first

Thank You for your assistance

Paul

---------- Original Message ----------
From: Elardus Engelbrecht <[email protected]>
To: [email protected]
Subject: Re: Using RACROUT and Facility Class
Date: Fri, 30 Jun 2017 01:32:42 -0500

[email protected] wrote:

>I am not a RACF Security Administrator by any means, after reading several
>documents
>I need some help setting up a RACF Facility Class and Permitting Access To a
>Started Task Userid (STCUSRID) and My Userid (PAULD01).

>Do the following RACF Commands Define a Facility Class
>BLUE_RIBBON.SYS1.MSTRUPDT and Have I permitted the Started Task Userid
>(STCUSRID) Update access to the Facility and My Userid PAULD01 Read access?

>RDEFINE FACILITY BLUE_RIBBON.SYS1.MSTRUPDT UACC(NONE)
>PERMIT BLUE_RIBBON.SYS1.MSTRUPDT CLASS(FACILITY) ID(STCUSRID) ACCESS(UPDATE)
>PERMIT BLUE_RIBBON.SYS1.MSTRUPDT CLASS(FACILITY) ID(PAULD01) ACCESS(READ)

With that specific setup, your own id has READ, but your STC id has UPDATE. So your id has fewer/lower rights than your STC id in this specific profile setup. (That is if you have set up STARTED Class profile correctly.)

Just remember to ralter FACILITY <profile> audit(all(READ)) (This is to catch all and every attempt to use it, good for debugging) and also this SETROPTS REFRESH RACLIST(FACILITY).

>FACILITY$ DC CL8'FACILITY'
>STEM      DC H'00',H'00'
>          DC CL13'BLUE_RIBBON.SYS1.MSTRUPDT'
>STEM#     EQU *-STEM

No padding up to 39 characters in total? Something like DC CL39'BLUE_RIBBON.SYS1.MSTRUPDT'

>          DS 0D
>RACLAB    RACROUTE REQUEST=AUTH,ATTR=READ,CLASS='FACILITY',          XX
>                RELEASE=1.9,MF=L
>          DS XL8
>RACLAB#   EQU *-RACLAB

Do you need RELEASE=1.9?

>          MVC SEC_ENTITY,STEM
>          RACROUTE REQUEST=AUTH,                                     **
>                WORKA=(R10),                                         **
>                ATTR=READ,                                           **
>                ENTITYX=SEC_ENTITY,                                  **
>                CLASS=FACILITY$,                                     **
>                MSGSUPP=NO,                                          **
>                LOG=ASIS,                                            **
>                MF=(E,RACLAB)

Where is R10 pointing? Hopefully to an area which you GETMAINed and populated previously...

>Does the Above RACROUTE REQUEST=AUTH macro verify that the userid has Read
>Authority to the Facility ?
>Have I coded it properly ?

Probably. What happens if you run your STC? Do you see any messages?

>Without specifying a Userid, Is the ACEE used to verify the user ?

Yes. Your setup is 'First-Party Call'. Your STC own ACEE is used by that RACROUTE macro.

>Should a Userid be explicitly specified on the command ?

No, not really, unless you want to do a 'Third-Party' call.

HTH!

Groete / Greetings
Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
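
An added illustration, not part of either poster's message: a Python model of the bytes behind the `ENTITYX` parameter, comparing the `CL13` constant as posted with the `CL39` field suggested in the reply. The layout (halfword buffer length, halfword name length, then the blank-padded name), the 255-byte limit, code page 037 and all function names are assumptions made for this sketch.

```python
import struct

EBCDIC = "cp037"     # assumption: profile name encoded in code page 037
MAX_ENTITY = 255     # assumption: largest ENTITYX buffer length


def dc_cl(length, text):
    """Emulate HLASM DC CLn'text': pad right with EBCDIC blanks, or truncate."""
    return text.encode(EBCDIC).ljust(length, b"\x40")[:length]


def build_entityx(name, buffer_len):
    """Return buffer-length halfword, name-length halfword, padded name."""
    if not 0 < len(name) <= buffer_len <= MAX_ENTITY:
        raise ValueError("name must fit the buffer; buffer must be <= 255")
    return struct.pack(">HH", buffer_len, len(name)) + dc_cl(buffer_len, name)


def describe(entityx):
    """Decode an ENTITYX buffer back into (buffer_len, name_len, stored text)."""
    buffer_len, name_len = struct.unpack(">HH", entityx[:4])
    return buffer_len, name_len, entityx[4:].decode(EBCDIC)


PROFILE = "BLUE_RIBBON.SYS1.MSTRUPDT"   # profile name from the thread

# As posted: two zero halfwords followed by a CL13 constant.
# The name is 25 characters, so CL13 keeps only the first 13.
posted = struct.pack(">HH", 0, 0) + dc_cl(13, PROFILE)

# As suggested in the reply: a CL39 field, here with both lengths filled in.
padded = build_entityx(PROFILE, 39)

if __name__ == "__main__":
    for label, buf in (("posted", posted), ("padded", padded)):
        print(label, describe(buf), buf.hex())
```
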
