Hi Keith, No REFRESH should be necessary. The developers are running batch jobs, and every job will get a fresh copy of the Generic dataset profiles.
Others raised the issue of Enhanced Generic Naming (EGN). It appears Ron's system has NOEGN. I don't believe this is a factor in this case as it has no effect on the behavior of a fully-qualified Generic dataset profile. Regards, Bob -----Original Message----- Date: Thu, 15 Mar 2018 07:00:31 -0400 From: Keith Smith <keith.sm...@shawinc.com> Subject: Re: Problem with dataset authorization Replies are, of course, assuming that a REFRESH was done. If you are new to RACF some changes require the "in memory" copy to be refreshed before the change takes effect. On Thu, Mar 15, 2018 at 6:05 AM, Robert S. Hansel (RSH) < r.han...@rshconsulting.com> wrote: > Hi Ron, > > Here are a couple of thoughts. > > When you created the profile MAC.JSF40.TEMP.JOBHIST, did you define it as > a Discrete profile (protects a single dataset by this name on a specific > VOLSER) or as a full-qualified Generic profile (protects any dataset by > this name on any VOLSER)? If the later, a (G) will appear next to the > profile when you list it. If it's a Discrete, try deleting and recreating > it as a Generic. To do so, you'll need to add the keyword GENERIC to the > ADDSD command. > > Are the developers attempting to access the dataset via a z/OS system that > has a different RACF database than the one where you created the profile? > > Regards, Bob > > Robert S. Hansel > Lead RACF Specialist > RSH Consulting, Inc. *** Celebrating our 25th Year *** > 617-969-8211 > www.linkedin.com/in/roberthansel > https://urldefense.proofpoint.com/v2/url?u=https-3A__ > twitter.com_RSH-5FRACF&d=DwIFaQ&c=7f1YSuqIGbgL_Gzm5POfng&r=unuy1IauTT8_ > BnXaEWJu99tLgShEyROqbi1xNCvlPGQ&m=hGjSKRhcHOylV0rl6qrThdZRFx_ > nQ2nWkFuOU9yUkw4&s=_4bxIlGFU_Xdqti9jvaqNq_hqTjXZRWgB_JGyAyeYts&e= > www.rshconsulting.com > ------------------------------------------------------------ > -------------------- > Upcoming RSH RACF Training - WebEx > - RACF Audit & Compliance Roadmap - SEPT 10-14, 2018 > - RACF Level I Administration - APR 10-13, 2018 ** Date Change ** > - RACF Level II Administration - JUN 4-8, 2018 > - RACF Level III Admin, Audit, & Compliance - OCT 1-5, 2018 > - RACF - Securing z/OS UNIX - APR 23-27, 2018 > ------------------------------------------------------------ > -------------------- > > -----Original Message----- > Date: Wed, 14 Mar 2018 23:32:49 +0000 > From: "McCabe, Ron" <rmcc...@mutualofenumclaw.com> > Subject: Problem with dataset authorization > > Hello List, > > I'm having a problem where one of my developers is getting "INSUFFICIENT > ACCESS AUTHORITY" on a dataset that I have defined in RACF and the issue is > that it is reporting on the generic definition. > > I have defined in RACF a generic dataset definition of MAC.* (this > definition has a UACC of READ and only a couple of groups have update > access), I also have defined a complete dataset name of > MAC.JSF40.TEMP.JOBHIST (this definition has a UACC of READ and allows > update access for my developers). When my developers run a job that wants > to update the MAC.JSF40.TEMP.JOBHIST dataset they get the "INSUFFICIENT > ACCESS AUTHORITY" FROM MAC.* (G). > > Why isn't the system checking for the complete dataset which is the way I > thought RACF was supposed to work? > > Thanks, > Ron McCabe > Mutual of Enumclaw > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Keith Smith Engineer-Enterprise Sys Sr.-IT Capacity & Performance Shaw Industries Inc. Subsidiary of Berkshire Hathaway 616 E Walnut Ave Mail Drop 072-04 Dalton, GA 30721 Email: keith.sm...@shawinc.com Office: 706.532.3244 Please consider the environment before printing. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
