When I installed IPGATE for my new customer (without RACF), at first I found this in the IPGATE of the remote system: CPICOMM LOGDATA H1 V 87 Trunc=87 Size=2 Line=1 Col=1 Alt=0 ====> +....2....+....3....+....4....+....5....+....6....+....7....+....8....+. * * * Top of File * * * _SPECIFIC_ERROR: Privilege class not authorized to set alternate user I _SPECIFIC_ERROR: Privilege class not authorized to set alternate user I * * * End of File * * * That meant IPGATE missed CP class B (RACF requirements come on top of that). Maybe you also need to verify the userid mapping: IPGATE USERMAP H1 V 80 Trunc=80 Size=10 Line=1 Col=1 ====> !...+....1....+....2....+....3....+....4....+....5....+... * * * Top of File * * * ;origin_system origuser resource locuser -------------------- 6 line(s) not displayed ----------- * * * not_auth ; VMIFL: allow any user to come in with its own authority 10.132.224.200 * * = * * * End of File * * * If you'd translate MAINT for example into RMTMAINT, it is logical that a GRANT TO MAINT will not help the MAINT user from a remote system that comes in as RMTMAINT.
2010/3/12 Phil Tully <[email protected]> > Bruce, > I'm still not sure either. > > I did a test today, brought down the node where the SFS server resides, > re-ipled with a CPLOAD which had no RACF in it. > > Brought up the sfs server and IPgate, attempted the same connection from > the second system, still no luck. Only files and directories with public > access are allowed. > > Phil > > > Bruce Hayden wrote: > >> I don't know what is wrong. I tried it here, creating a filespace >> that doesn't have a userid in the directory, and I could access it via >> IPGATE on a remote system. You aren't, by chance, using RACF to >> control SFS? I presume you aren't since you mention PUBLIC >> directories. Maybe looking at the RACF audit data or maybe even on >> the RACFVM console will give you a clue as to what authorization >> request is failing. >> >> On Wed, Mar 10, 2010 at 2:29 PM, Philip Tully <[email protected]> >> wrote: >> >> >>> According to the racf team here (I don't have access) we have configured >>> racf as you said. BTW: we do not have a userid calls tools only a >>> filespace. >>> >>> Here is the RACF output >>> VLB2 >>> ACTIVE CLASSES = DATASET USER GROUP VMMDISK VMRDR VMCMD VMNODE VMBATCH >>> VXMBR VMXEVENT >>> >>> GENERIC PROFILE CLASSES = VMBATCH >>> GENERIC COMMAND CLASSES = VMBATCH >>> GENLIST CLASSES = VMBATCH >>> >>> Sysv >>> ACTIVE CLASSES = DATASET USER GROUP VMMDISK VMRDR VMCMD VMNODE VMBATCH >>> VXMBR VMXEVENT >>> >>> GENERIC PROFILE CLASSES = VMBATCH >>> GENERIC COMMAND CLASSES = VMBATCH >>> >>> >>> >> >> >> >> >> > > -- > 'in media stat virtus' > Virtue's in the middle > -- Kris Buelens, IBM Belgium, VM customer support
