What is the difference of the entry of the GDG vs VSAM in CATALOG
Hi all We defined a VSAM file and a GDG base using a user id DBJMP05. The prefix of DBJMP05 is managed by SMS SMS routing SC : FILTLIST TSOUSERS INCLUDE(DBJMP*) WHEN HLQ = TSOUSERS SET STORCLAS = 'SCSTAND' SG: FILTLIST TSOUSERS INCLUDE(DBJMP*) WHEN(HLQ= TSOUSERS) SET STORGRP = 'SGTSO' Below is the JCL and the output of the JCL. 1. Define a VSAM : DBJMP05.BDZ3.MAN1 DEFINE CLUSTER( - CONTROLINTERVALSIZE(4096) - TRACKS(50) - NAME(DBJMP05.BDZ3.MAN1) - INDEXED - RECORDSIZE(4086,32767) - BUFFERSPACE(81920) - REUSE - SHAREOPTIONS(2) - SPANNED - SPEED ) The return code is Zero 2.Define a base of GDG: DBJMP05.FAS.SE.FMLX.HIST DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) My question : I want to know the reasons: 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Any suggestion would be helpful! Thanks a lot! Jason Cai -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: strange RSH behaviour
Are you calling it from TSO or from a UNIX shell? If the latter, are you calling /bin/rsh or /bin/orsh? The former should be an external link to RSH, the latter a symbolic link to /usr/lpp/tcpip/bin/orsh, which in turn should have the sticky bit set so that it points to ORSH in the MVS program search order. -- Peter Hunkeler CREDIT SUISSE AG -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) Are you using multilevel alias? If so, are DBJMP05.BDZ3 and DBJMP05.FAS being directed to different catalogs? If so, I'g guess that user DBJMP05 is allowed to write to one catalgo but not to the other. -- Peter Hunkeler CREDIT SUISSE AG -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Jason, I do not think this is an ACS routine issue. This looks more like a security profile issue. The ICH408I is indicating that the DBJMP05 user does not have access to the CATALOG.PLEXBDZ3.TSO. What is the access to this catalog for this ID? What catalog ( Report results of a LISTC ENT(DBJMP05.BDZ3.MAN1) ALL ) does it live in? Does DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG? How is the CATALOG set up? Is is single level or multiple level aliases? Is the failure on the same LPAR or Different LPARs? What security product are you using (RACF?) What level of z/OS? Lizette -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DFDSS copy
DB2 subsystems were done in time of the copy . Perhaps the same volumes were selected in the copy operation ? Are you using SMS how do the ACS routines look like I know I might miss somthing - I forget to put the Volume in disable to ensure this won't happen. Thanks I believe this is the reason I'll try perform the copy again . On Wed, Mar 2, 2011 at 4:49 PM, Dick de Groot derkfr...@gmail.com wrote: Perhaps the same volumes were selected in the copy operation ? Are you using SMS how do the ACS routines look like 2011/3/2 Matan Cohen matancohen...@gmail.com Hi, for some reason I needed to empty a DASD disk from its content (All files are DB2 VSAMS) . i noticed there is a multivolume DSNs so i added the 'SPHERE' 'SELECTMULTI' . so after backing up the disk i run this JCL : //ADB2CPY JOB ,,CLASS=A,REGION=0M,MSGCLASS=X, //MSGLEVEL=(1,1) //BFFDBB29 EXEC PGM=ADRDSSU //SYSUDUMP DD SYSOUT=* //SYSPRINT DD SYSOUT=* //DASDDD UNIT=3390,VOL=SER=OLDDISK,DISP=SHR //OUTDSK DD UNIT=3390,VOL=SER=NEWDISK,DISP=SHR //SYSINDD * COPY DATASET( - INCLUDE( DBP.**, - DBT.**,- DB29.**, - ))- LOGINDDNAME(DASD)- OUTDDNAM(OUTDSK) - SPHERE- SELECTMULTI(ANY) - CAT - DELETE /* for some reason half of the Files (not necessarliy multivolume) were not copied the job ended with RC 0 it seems DFDSS didn't select them , from the literature: For VSAM data sets, the volume list is affected by the use of the SPHERE keyword as follows: v Specify SPHERE and you only need to list any part of the base cluster in the volume list. should I run this job again but without : 'SPHERE','SELECTMULTI' ? is there somthing I forgetten ? -- best regards, matan cohen MF System Administrator. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Met vriendelijke groeten/With kind regards Dick de Groot -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- best regards, matan cohen MF System Administrator. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: DFDSS copy
Perhaps the same volumes were selected in the copy operation ? Are you using SMS how do the ACS routines look like Good point it is!! Waiting for good news. 2011/3/3 Matan Cohen matancohen...@gmail.com DB2 subsystems were done in time of the copy . Perhaps the same volumes were selected in the copy operation ? Are you using SMS how do the ACS routines look like I know I might miss somthing - I forget to put the Volume in disable to ensure this won't happen. Thanks I believe this is the reason I'll try perform the copy again . On Wed, Mar 2, 2011 at 4:49 PM, Dick de Groot derkfr...@gmail.com wrote: Perhaps the same volumes were selected in the copy operation ? Are you using SMS how do the ACS routines look like 2011/3/2 Matan Cohen matancohen...@gmail.com Hi, for some reason I needed to empty a DASD disk from its content (All files are DB2 VSAMS) . i noticed there is a multivolume DSNs so i added the 'SPHERE' 'SELECTMULTI' . so after backing up the disk i run this JCL : //ADB2CPY JOB ,,CLASS=A,REGION=0M,MSGCLASS=X, //MSGLEVEL=(1,1) //BFFDBB29 EXEC PGM=ADRDSSU //SYSUDUMP DD SYSOUT=* //SYSPRINT DD SYSOUT=* //DASDDD UNIT=3390,VOL=SER=OLDDISK,DISP=SHR //OUTDSK DD UNIT=3390,VOL=SER=NEWDISK,DISP=SHR //SYSINDD * COPY DATASET( - INCLUDE( DBP.**, - DBT.**,- DB29.**, - ))- LOGINDDNAME(DASD)- OUTDDNAM(OUTDSK) - SPHERE- SELECTMULTI(ANY) - CAT - DELETE /* for some reason half of the Files (not necessarliy multivolume) were not copied the job ended with RC 0 it seems DFDSS didn't select them , from the literature: For VSAM data sets, the volume list is affected by the use of the SPHERE keyword as follows: v Specify SPHERE and you only need to list any part of the base cluster in the volume list. should I run this job again but without : 'SPHERE','SELECTMULTI' ? is there somthing I forgetten ? -- best regards, matan cohen MF System Administrator. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Met vriendelijke groeten/With kind regards Dick de Groot -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- best regards, matan cohen MF System Administrator. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SMP/E CSI record layout
Why you looking for the record layout of Target CSI ? Just bit curious .. anyway other question I have is in what situation you see hex 070300 before zone name since I did print of records for target zone and they all appear to have 010300 ...thanks,Ravi -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
Hi all Our shop is RACF. It is single level alias DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG. Thanks a lot! Jason Cai DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Jason, I do not think this is an ACS routine issue. This looks more like a security profile issue. The ICH408I is indicating that the DBJMP05 user does not have access to the CATALOG.PLEXBDZ3.TSO. What is the access to this catalog for this ID? What catalog ( Report results of a LISTC ENT(DBJMP05.BDZ3.MAN1) ALL ) does it live in? Does DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG? How is the CATALOG set up? Is is single level or multiple level aliases? Is the failure on the same LPAR or Different LPARs? What security product are you using (RACF?) What level of z/OS? Lizette -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
Our shop is z/OS 1.11. the image is a single image. Thanks a lot! Hi all Our shop is RACF. It is single level alias DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG. Thanks a lot! Jason Cai DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Jason, I do not think this is an ACS routine issue. This looks more like a security profile issue. The ICH408I is indicating that the DBJMP05 user does not have access to the CATALOG.PLEXBDZ3.TSO. What is the access to this catalog for this ID? What catalog ( Report results of a LISTC ENT(DBJMP05.BDZ3.MAN1) ALL ) does it live in? Does DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG? How is the CATALOG set up? Is is single level or multiple level aliases? Is the failure on the same LPAR or Different LPARs? What security product are you using (RACF?) What level of z/OS? Lizette -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Question about wiping a DS8100
Log on as CE user and do a de-install of the box then all tables are cleared 2011/2/26 Ted MacNEIL eamacn...@yahoo.ca Does anyone have any thoughts on the cache? Do I need to worry about clearing that? No. If so, does anyone have any ideas on how to do that? Just turn it (the C/U) off. - Ted MacNEIL eamacn...@yahoo.ca -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Met vriendelijke groeten/With kind regards Dick de Groot -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
Our shop is RACF. It is single level alias Our shop is z/OS 1.11. the image is a single image. DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG. Thanks a lot! Jason Cai DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Jason, So what RACF profiles do you have for all levels of these datasets? Start by looking at DBJMP05 The DBJMP05.BDZ3 Then DBJMP05.FAS And so on. See if the LD command for RACF can show what profile covers each dataset name. I sometimes use the RACF ISPF panels or if you have Tivoli, have your Tivoli administrator look with you. Lizette -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SMP/E CSI record layout
Hello Ravi, you're absolutely right, until yesterday I've only seen 010300 but then I got a CSI from another installation, where 070300 occurs, what leads to my question. BTW: the reason why I'm looking into this data is fairly hard to explain and a much longer story, perhaps I'll find the time to tell it later ... Am 03.03.2011 11:21, schrieb Ravi Gaur: Why you looking for the record layout of Target CSI ? Just bit curious .. anyway other question I have is in what situation you see hex 070300 before zone name since I did print of records for target zone and they all appear to have 010300 ...thanks,Ravi -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- Freundliche Gruesse / Kind regards Dipl. Math. Juergen Kehr ITSchulung Beratung, IT Education + Consulting RengershaeuserStr. 28 34132 Kassel Germany Tel. +49-561-9528788 Fax +49-561-9528789 Mobil +49-172-5129389 ICQ 292-318-696 (JKehr) mailto:kehrjuer...@t-online.de mailto:kehrjuer...@jkehr.de -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
Lizette There are only RACF profiles DBJMP05.** for DBJMP05.BDZ3 and DBJMP05.FAS. Thanks a lot! Jason Cai Our shop is RACF. It is single level alias Our shop is z/OS 1.11. the image is a single image. DBJMP05.BDZ3.MAN1 catalog to the same catalog as the GDG. Thanks a lot! Jason Cai DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Jason, So what RACF profiles do you have for all levels of these datasets? Start by looking at DBJMP05 The DBJMP05.BDZ3 Then DBJMP05.FAS And so on. See if the LD command for RACF can show what profile covers each dataset name. I sometimes use the RACF ISPF panels or if you have Tivoli, have your Tivoli administrator look with you. Lizette -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
There are only RACF profiles DBJMP05.** for DBJMP05.BDZ3 and DBJMP05.FAS. This is not of interest to the problem. The access was denied when accessing the catalog (see your ICH408I). The user is not permitted UPDATE to data set CATALOG.PLEXBDZ3.TSO, at least in the GDG case. And I can't imagine why the update should succeed when defining the VSAM data set *when* it will be cataloged in the same catalog. -- Peter Hunkeler Credit Suisse -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
Can you try to define a GDG named DBJMP05.BDZ3.GDG and can you try to define a VSAM data set named DBJMP05.FAS.VSAM What happens? -- Peter Hunkeler CREDIT SUISSE AG -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
On 03/03/2011 02:13 AM, ibmnew wrote: Hi all We defined a VSAM file and a GDG base using a user id DBJMP05. The prefix of DBJMP05 is managed by SMS SMS routing SC : FILTLIST TSOUSERS INCLUDE(DBJMP*) WHENHLQ =TSOUSERS SETSTORCLAS = 'SCSTAND' SG: FILTLIST TSOUSERS INCLUDE(DBJMP*) WHEN(HLQ=TSOUSERS) SETSTORGRP = 'SGTSO' Below is the JCL and the output of the JCL. 1. Define a VSAM : DBJMP05.BDZ3.MAN1 DEFINE CLUSTER( - CONTROLINTERVALSIZE(4096) - TRACKS(50) - NAME(DBJMP05.BDZ3.MAN1) - INDEXED - RECORDSIZE(4086,32767) - BUFFERSPACE(81920) - REUSE - SHAREOPTIONS(2) - SPANNED - SPEED ) The return code is Zero 2.Define a base of GDG: DBJMP05.FAS.SE.FMLX.HIST DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) My question : I want to know the reasons: 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Any suggestion would be helpful! Thanks a lot! Jason Cai ... The answer is really quite simple, although perhaps counter-intuitive. Only data sets are SMS controlled, thus the VSAM file is an SMS data set, the GDG base is not. All SMS data sets must be cataloged in their alias-directed catalog; therefore, except for the special case of the master catalog, z/OS allows them to be cataloged in any user catalog to which they are directed by defined alias definitions, bypassing any RACF access checks on USERCAT catalog access in order to guarantee that cataloging can occur and avoid unnecessary problems . Master catalog access still requires RACF access, since unless a mistake has been made, access to any dataset HLQs that would map to master cat should be restricted to SysProgs who should have access to master cat. Since the GDG base is not an SMS dataset, RACF access checks on catalogs are not bypassed and the user must have RACF UPDATE access to the catalog. Altering or creating catalog entries in a USERCAT, other than those changes implied by the creation/deletion of SMS datasets, requires UPDATE access to the catalog. It used to be the case that RACF UPDATE access to all catalogs was always required to make catalog changes. At somewhere along the line this SMS exception was documented as an enhancement with MVS release migration docs. -- Joel C. Ewing, Fort Smith, ARjcew...@acm.org Bentonville, AR jcew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
SMF data question - an opinion poll, of sorts
This is a type of opinion poll question. In general, it could be reduced to: What do you think of XML encoded data?. In particular, the nice RACF people have a program `which unloads their SMF audit data in XML format as an option. What is nice about it is that the data is printable and so easily downloaded to my Linux system. XML formatting is nice because it easier to read using Java and XSLT processor to do queries and reformatting. Which makes it easier for me to load into a database (PostgreSQL based in my case). I would find it very helpful to me if more SMF records could be made available in XML character format so that I could easily process it on Linux. So I'm wondering what others think of this? Does anybody else like XML? Or am I, once again, in the minority? Yes, I could write an HLASM program myself to do this. Perhaps by somehow reading ADATA output to generate a program to do it. John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
-Original Message- From: IBM Mainframe Discussion List [On Behalf Of Hunkeler Peter (KIUP 4) There are only RACF profiles DBJMP05.** for DBJMP05.BDZ3 and DBJMP05.FAS. This is not of interest to the problem. The access was denied when accessing the catalog (see your ICH408I). The user is not permitted UPDATE to data set CATALOG.PLEXBDZ3.TSO, at least in the GDG case. And I can't imagine why the update should succeed when defining the VSAM data set *when* it will be cataloged in the same catalog. This problem has the appearance of multi-level catalog aliases being used, and the VSAM dataset's second qualifier points it to a catalog to which the user has UPDATE permission; while the GDG's second qualifier either is not defined in a multi-level alias, or is pointed to a different catalog to which the user does NOT have UPDATE permission. -jc- -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
It used to be the case that RACF UPDATE access to all catalogs was always required to make catalog changes. At somewhere along the line this SMS exception was documented as an enhancement with MVS release migration docs. I missed this enhancement. Thanks for the update. -- Peter Hunkeler Credit Suise -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Removing DFSMShsm ML1
Hi Jonathan, There are both backup VTOC-copy data sets and dump VTOC-copy data sets which get put on ML1 volumes. For example: DFHSM.VTOC.Tssmmhh.Vvolser.Dyyddd and DFHSM.DUMPVTOC.Tssmmhh.Vvolser.Dyyddd. So, HSM incremental backups as well as HSM full volume dumps create datasets which go to ML1 volumes. Also, keep in mind that if you are doing extent reduction (SETSYS MAXEXTENTS(n)), you will need at least one ML1 volume for that process. Finally, as I understand it, the volume-level Fast Replication function of HSM also uses ML1. Regards, Andy -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SMF data question - an opinion poll, of sorts
John, IMO, the first problem to solve would be to create a good model/schema description for SMF records - the DSECTS are really insufficient (actual data types and structure can only be gleaned from the comments or other documentation) If you had an XML document that *described* each SMF record that covered the SMF datatypes, triplets, etc, etc, then you could use this XML schema to generate code that would translate from the existing SMF records to whatever - XML, JSON, Java bean classes, DFSORT symbols, report writers, etc, etc. A great community (cbttabpe?) project would be to create an XML meta-model (a schema) for modeling SMF records, and then individuals and vendors could publish models for their SMF records. Think of the great tools that could be easily written to process SMF data if these models were available Regards, Kirk Wolf Dovetailed Technologies http://dovetail.com On Thu, Mar 3, 2011 at 8:19 AM, McKown, John john.mck...@healthmarkets.com wrote: This is a type of opinion poll question. In general, it could be reduced to: What do you think of XML encoded data?. In particular, the nice RACF people have a program `which unloads their SMF audit data in XML format as an option. What is nice about it is that the data is printable and so easily downloaded to my Linux system. XML formatting is nice because it easier to read using Java and XSLT processor to do queries and reformatting. Which makes it easier for me to load into a database (PostgreSQL based in my case). I would find it very helpful to me if more SMF records could be made available in XML character format so that I could easily process it on Linux. So I'm wondering what others think of this? Does anybody else like XML? Or am I, once again, in the minority? Yes, I could write an HLASM program myself to do this. Perhaps by somehow reading ADATA output to generate a program to do it. John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SMF data question - an opinion poll, of sorts
It might be possible to create a tool to help generate XML models for SMF records: Input: - ADATA files from DSECT(s) - control statements that specify: - data types (other than what can be determined from the ADATA) - triplets and substructures Output: - An XML document that describes an SMF record (fields, data types, substructures, etc) Kirk Wolf Dovetailed Technologies http://dovetail.com On Thu, Mar 3, 2011 at 10:11 AM, Kirk Wolf k...@dovetail.com wrote: John, IMO, the first problem to solve would be to create a good model/schema description for SMF records - the DSECTS are really insufficient (actual data types and structure can only be gleaned from the comments or other documentation) If you had an XML document that *described* each SMF record that covered the SMF datatypes, triplets, etc, etc, then you could use this XML schema to generate code that would translate from the existing SMF records to whatever - XML, JSON, Java bean classes, DFSORT symbols, report writers, etc, etc. A great community (cbttabpe?) project would be to create an XML meta-model (a schema) for modeling SMF records, and then individuals and vendors could publish models for their SMF records. Think of the great tools that could be easily written to process SMF data if these models were available Regards, Kirk Wolf Dovetailed Technologies http://dovetail.com On Thu, Mar 3, 2011 at 8:19 AM, McKown, John john.mck...@healthmarkets.com wrote: This is a type of opinion poll question. In general, it could be reduced to: What do you think of XML encoded data?. In particular, the nice RACF people have a program `which unloads their SMF audit data in XML format as an option. What is nice about it is that the data is printable and so easily downloaded to my Linux system. XML formatting is nice because it easier to read using Java and XSLT processor to do queries and reformatting. Which makes it easier for me to load into a database (PostgreSQL based in my case). I would find it very helpful to me if more SMF records could be made available in XML character format so that I could easily process it on Linux. So I'm wondering what others think of this? Does anybody else like XML? Or am I, once again, in the minority? Yes, I could write an HLASM program myself to do this. Perhaps by somehow reading ADATA output to generate a program to do it. John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Request for Enhancement Requests
Cross-posted to Linux-390, IBMVM and IBM-Main Once again, I'm looking for customer requirements to enhance our Linux for System z product. If you've ever had any gee I wish SLES would do X type of thoughts, please send those to me off-list. I'm primarily interested in things that would be specific to System z, but _anything_ is fair game for this. If anyone is interested, I can send them the collected list (also off-line) once I have it. Please let me know if you would want that information sent back to you. (IYou don't have to send me an RFE of your own to get that, but it sure would be nice.) Thanks, Mark Post Novell Global Technical Support -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
ICSF Troubles
We are z/os 1.11. We almost never IPL. The last time we IPL'd, we received the following: 11.47.55 STC00014 CSFM450E UNEXPECTED ERROR PROCESSING PKDS, RETURN CODE = 000C, REASON CODE = 1780. 11.47.55 STC00014 CSFM401I CRYPTOGRAPHY - SERVICES ARE NO LONGER AVAILABLE. 11.47.55 STC00014 IEF352I ADDRESS SPACE UNAVAILABLE 11.47.55 STC00014 $HASP395 CSF ENDED We don't use PKI and have no current plans to do so. However, the CSF is critical. With a little experimentation in the testplex, I am currently of the opinion that it is some sort of file sharing issue. When I allocate a fresh PKDS, CSF on LparA comes up just fine. However, CSF on LparB sometimes fails with the above message. The FM seems to say that the PKDS is not completely initialized until the first key is stowed. Not sure how to do that. I'm thinking a PMR. But a user error is usually more likely. Right now my workaround is to point each LPAR to its own PKDS. Of course, I'm a bit nervous as I don't want to accidently break CSF. That would be equivalent to a full outage. What I'd really like to do is to completely shut off PKDS. I've tried starting with no PKDS specified, but CSF refuses to start. Thoughts? NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ICSF Troubles
Hal, Care to post your csfparm (minus the ckds data set name plz) ... or look for any SYSPLEX keywords and post them? Thanks, Rob Schramm -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Hal Merritt Sent: Thursday, March 03, 2011 12:36 PM To: IBM-MAIN@bama.ua.edu Subject: ICSF Troubles We are z/os 1.11. We almost never IPL. The last time we IPL'd, we received the following: 11.47.55 STC00014 CSFM450E UNEXPECTED ERROR PROCESSING PKDS, RETURN CODE = 000C, REASON CODE = 1780. 11.47.55 STC00014 CSFM401I CRYPTOGRAPHY - SERVICES ARE NO LONGER AVAILABLE. 11.47.55 STC00014 IEF352I ADDRESS SPACE UNAVAILABLE 11.47.55 STC00014 $HASP395 CSF ENDED We don't use PKI and have no current plans to do so. However, the CSF is critical. With a little experimentation in the testplex, I am currently of the opinion that it is some sort of file sharing issue. When I allocate a fresh PKDS, CSF on LparA comes up just fine. However, CSF on LparB sometimes fails with the above message. The FM seems to say that the PKDS is not completely initialized until the first key is stowed. Not sure how to do that. I'm thinking a PMR. But a user error is usually more likely. Right now my workaround is to point each LPAR to its own PKDS. Of course, I'm a bit nervous as I don't want to accidently break CSF. That would be equivalent to a full outage. What I'd really like to do is to completely shut off PKDS. I've tried starting with no PKDS specified, but CSF refuses to start. Thoughts? NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ICSF Troubles
Hal, The reason code of 1780 indicates that a DASD I/O error occurred when accessing the dataset. Have you checked EREP for any diagnostic information? Also, are you running under z/VM? John P. Baker Chief Software Architect HFD Technologies -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Hal Merritt Sent: Thursday, March 03, 2011 12:36 PM To: IBM-MAIN@bama.ua.edu Subject: ICSF Troubles We are z/os 1.11. We almost never IPL. The last time we IPL'd, we received the following: 11.47.55 STC00014 CSFM450E UNEXPECTED ERROR PROCESSING PKDS, RETURN CODE = 000C, REASON CODE = 1780. 11.47.55 STC00014 CSFM401I CRYPTOGRAPHY - SERVICES ARE NO LONGER AVAILABLE. 11.47.55 STC00014 IEF352I ADDRESS SPACE UNAVAILABLE 11.47.55 STC00014 $HASP395 CSF ENDED We don't use PKI and have no current plans to do so. However, the CSF is critical. With a little experimentation in the testplex, I am currently of the opinion that it is some sort of file sharing issue. When I allocate a fresh PKDS, CSF on LparA comes up just fine. However, CSF on LparB sometimes fails with the above message. The FM seems to say that the PKDS is not completely initialized until the first key is stowed. Not sure how to do that. I'm thinking a PMR. But a user error is usually more likely. Right now my workaround is to point each LPAR to its own PKDS. Of course, I'm a bit nervous as I don't want to accidently break CSF. That would be equivalent to a full outage. What I'd really like to do is to completely shut off PKDS. I've tried starting with no PKDS specified, but CSF refuses to start. Thoughts? NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ICSF Troubles
1) Check SYS1.PARMLIB(CSFPRM*). It may be pointing to the wrong place. 2) Check the LRECL of the PKDS. 1.11 changed the LRECL of the PKDS. See http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/E0Z2M17A/8.2. 6?DT=20090616151803 HTH. snip We are z/os 1.11. We almost never IPL. The last time we IPL'd, we received the following: 11.47.55 STC00014 CSFM450E UNEXPECTED ERROR PROCESSING PKDS, RETURN CODE = 000C, REASON CODE = 1780. 11.47.55 STC00014 CSFM401I CRYPTOGRAPHY - SERVICES ARE NO LONGER AVAILABLE. 11.47.55 STC00014 IEF352I ADDRESS SPACE UNAVAILABLE 11.47.55 STC00014 $HASP395 CSF ENDED We don't use PKI and have no current plans to do so. However, the CSF is critical. With a little experimentation in the testplex, I am currently of the opinion that it is some sort of file sharing issue. When I allocate a fresh PKDS, CSF on LparA comes up just fine. However, CSF on LparB sometimes fails with the above message. The FM seems to say that the PKDS is not completely initialized until the first key is stowed. Not sure how to do that. I'm thinking a PMR. But a user error is usually more likely. Right now my workaround is to point each LPAR to its own PKDS. Of course, I'm a bit nervous as I don't want to accidently break CSF. That would be equivalent to a full outage. What I'd really like to do is to completely shut off PKDS. I've tried starting with no PKDS specified, but CSF refuses to start. /snip -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SMF data question - an opinion poll, of sorts
-snip- This is a type of opinion poll question. In general, it could be reduced to: What do you think of XML encoded data?. In particular, the nice RACF people have a program `which unloads their SMF audit data in XML format as an option. What is nice about it is that the data is printable and so easily downloaded to my Linux system. XML formatting is nice because it easier to read using Java and XSLT processor to do queries and reformatting. Which makes it easier for me to load into a database (PostgreSQL based in my case). I would find it very helpful to me if more SMF records could be made available in XML character format so that I could easily process it on Linux. So I'm wondering what others think of this? Does anybody else like XML? Or am I, once again, in the minority? Yes, I could write an HLASM program myself to do this. Perhaps by somehow reading ADATA output to generate a program to do it. --unsnip-- John, I'm afraid it wouldn't make much difference to me, since I use a HLL )PL/1) to post-process all my SMF data. If it'll help, I'll try to find my PL/1 DECLARE statements for the SMF records I process. Rick -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Converting a DSECT to a SAS INPUT statement?
Hi folks, I've been gone for a while but now I'm back ... Anyway, I seem to dimly remember there was a tool to eat a DSECT or mapping macro and produce a SAS INPUT statement. (Actually I want something to read DCOLLECT data and I'm too lazy to convert the dsect by hand.) Does anyone out there know of such a thing, or should I write one and patent it? :-) Thanks ... Jim Blalock, z/OS guy, Clemson University -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ICSF Troubles
We have one PKDS and one CKDS for all lpars. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Hal Merritt Sent: Thursday, March 03, 2011 11:36 AM To: IBM-MAIN@bama.ua.edu Subject: ICSF Troubles We are z/os 1.11. We almost never IPL. The last time we IPL'd, we received the following: 11.47.55 STC00014 CSFM450E UNEXPECTED ERROR PROCESSING PKDS, RETURN CODE = 000C, REASON CODE = 1780. 11.47.55 STC00014 CSFM401I CRYPTOGRAPHY - SERVICES ARE NO LONGER AVAILABLE. 11.47.55 STC00014 IEF352I ADDRESS SPACE UNAVAILABLE 11.47.55 STC00014 $HASP395 CSF ENDED We don't use PKI and have no current plans to do so. However, the CSF is critical. With a little experimentation in the testplex, I am currently of the opinion that it is some sort of file sharing issue. When I allocate a fresh PKDS, CSF on LparA comes up just fine. However, CSF on LparB sometimes fails with the above message. The FM seems to say that the PKDS is not completely initialized until the first key is stowed. Not sure how to do that. I'm thinking a PMR. But a user error is usually more likely. Right now my workaround is to point each LPAR to its own PKDS. Of course, I'm a bit nervous as I don't want to accidently break CSF. That would be equivalent to a full outage. What I'd really like to do is to completely shut off PKDS. I've tried starting with no PKDS specified, but CSF refuses to start. Thoughts? NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html == This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: Converting a DSECT to a SAS INPUT statement?
There's this product called MXG ... SAS-based, reads DCOLLECT, most every known SMF record, a whole bunch of other things, and it's updated pretty near every time an input record is changed - or added. Reasonably priced, too. Tom Puddicombe Mainframe Performance Capacity Planning CSC 71 Deerfield Rd, Meriden, CT 06450 ITIS | (860) 428-3252 | tpudd...@csc.com | www.csc.com This is a PRIVATE message. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind CSC to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose. From: Jim Blalock ca...@clemson.edu To: IBM-MAIN@bama.ua.edu Date: 03/03/2011 05:02 PM Subject: Converting a DSECT to a SAS INPUT statement? Hi folks, I've been gone for a while but now I'm back ... Anyway, I seem to dimly remember there was a tool to eat a DSECT or mapping macro and produce a SAS INPUT statement. (Actually I want something to read DCOLLECT data and I'm too lazy to convert the dsect by hand.) Does anyone out there know of such a thing, or should I write one and patent it? :-) Thanks ... Jim Blalock, z/OS guy, Clemson University -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: ICSF Troubles
Just a few items How are you sharing? GRS? CA-MIM? Etc. Were the files defined with the correct share options? Was this working before or new configuration? On Thursday, March 3, 2011, Ward, Mike S mw...@ssfcu.org wrote: We have one PKDS and one CKDS for all lpars. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Hal Merritt Sent: Thursday, March 03, 2011 11:36 AM To: IBM-MAIN@bama.ua.edu Subject: ICSF Troubles We are z/os 1.11. We almost never IPL. The last time we IPL'd, we received the following: 11.47.55 STC00014 CSFM450E UNEXPECTED ERROR PROCESSING PKDS, RETURN CODE = 000C, REASON CODE = 1780. 11.47.55 STC00014 CSFM401I CRYPTOGRAPHY - SERVICES ARE NO LONGER AVAILABLE. 11.47.55 STC00014 IEF352I ADDRESS SPACE UNAVAILABLE 11.47.55 STC00014 $HASP395 CSF ENDED We don't use PKI and have no current plans to do so. However, the CSF is critical. With a little experimentation in the testplex, I am currently of the opinion that it is some sort of file sharing issue. When I allocate a fresh PKDS, CSF on LparA comes up just fine. However, CSF on LparB sometimes fails with the above message. The FM seems to say that the PKDS is not completely initialized until the first key is stowed. Not sure how to do that. I'm thinking a PMR. But a user error is usually more likely. Right now my workaround is to point each LPAR to its own PKDS. Of course, I'm a bit nervous as I don't want to accidently break CSF. That would be equivalent to a full outage. What I'd really like to do is to completely shut off PKDS. I've tried starting with no PKDS specified, but CSF refuses to start. Thoughts? NOTICE: This electronic mail message and any files transmitted with it are intended exclusively for the individual or entity to which it is addressed. The message, together with any attachment, may contain confidential and/or privileged information. Any unauthorized review, use, printing, saving, copying, disclosure or distribution is strictly prohibited. If you have received this message in error, please immediately advise the sender by reply email and delete all copies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html == This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error please notify the system manager. This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. If you are not the intended recipient you are notified that disclosing, copying, distributing or taking any action in reliance on the contents of this information is strictly prohibited. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: What is the difference of the entry of the GDG vs VSAM in CATALOG
Joel C I got it.Thanks you very very much! Best Regards, Cai Jin Song Hi all We defined a VSAM file and a GDG base using a user id DBJMP05. The prefix of DBJMP05 is managed by SMS SMS routing SC : FILTLIST TSOUSERS INCLUDE(DBJMP*) WHENHLQ =TSOUSERS SETSTORCLAS = 'SCSTAND' SG: FILTLIST TSOUSERS INCLUDE(DBJMP*) WHEN(HLQ=TSOUSERS) SETSTORGRP = 'SGTSO' Below is the JCL and the output of the JCL. 1. Define a VSAM : DBJMP05.BDZ3.MAN1 DEFINE CLUSTER( - CONTROLINTERVALSIZE(4096) - TRACKS(50) - NAME(DBJMP05.BDZ3.MAN1) - INDEXED - RECORDSIZE(4086,32767) - BUFFERSPACE(81920) - REUSE - SHAREOPTIONS(2) - SPANNED - SPEED ) The return code is Zero 2.Define a base of GDG: DBJMP05.FAS.SE.FMLX.HIST DEFINE GDG (NAME(DBJMP05.FAS.SE.FMLX.HIST) - LIMIT(03) - NOEMPTY- SCRATCH ) The return is 12 ICH408I USER(DBJMP05 ) GROUP(#TMPUG ) NAME(APPL MAINTENANCE CATALOG.PLEXBDZ3.TSO CL(DATASET ) VOL(BD3CT1) INSUFFICIENT ACCESS AUTHORITY FROM CATALOG.PLEXBDZ3.TSO (G) ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ ) My question : I want to know the reasons: 1. Why is it success when I define a vsam or PDS using prefix DBJMP05? 2.Why isnot it success when I define a base of GDG using prefix DBJMP05? 3.What is the difference of them in the catalog Any suggestion would be helpful! Thanks a lot! Jason Cai ... The answer is really quite simple, although perhaps counter-intuitive. Only data sets are SMS controlled, thus the VSAM file is an SMS data set, the GDG base is not. All SMS data sets must be cataloged in their alias-directed catalog; therefore, except for the special case of the master catalog, z/OS allows them to be cataloged in any user catalog to which they are directed by defined alias definitions, bypassing any RACF access checks on USERCAT catalog access in order to guarantee that cataloging can occur and avoid unnecessary problems . Master catalog access still requires RACF access, since unless a mistake has been made, access to any dataset HLQs that would map to master cat should be restricted to SysProgs who should have access to master cat. Since the GDG base is not an SMS dataset, RACF access checks on catalogs are not bypassed and the user must have RACF UPDATE access to the catalog. Altering or creating catalog entries in a USERCAT, other than those changes implied by the creation/deletion of SMS datasets, requires UPDATE access to the catalog. It used to be the case that RACF UPDATE access to all catalogs was always required to make catalog changes. At somewhere along the line this SMS exception was documented as an enhancement with MVS release migration docs. -- Joel C. Ewing, Fort Smith, ARjcew...@acm.org Bentonville, AR jcew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: SMF data question - an opinion poll, of sorts
On 03/03/2011 08:19 AM, McKown, John wrote: This is a type of opinion poll question. In general, it could be reduced to: What do you think of XML encoded data?. In particular, the nice RACF people have a program `which unloads their SMF audit data in XML format as an option. What is nice about it is that the data is printable and so easily downloaded to my Linux system. XML formatting is nice because it easier to read using Java and XSLT processor to do queries and reformatting. Which makes it easier for me to load into a database (PostgreSQL based in my case). I would find it very helpful to me if more SMF records could be made available in XML character format so that I could easily process it on Linux. So I'm wondering what others think of this? Does anybody else like XML? Or am I, once again, in the minority? Yes, I could write an HLASM program myself to do this. Perhaps by somehow reading ADATA output to generate a program to do it. John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * john.mck...@healthmarkets.com * www.HealthMarkets.com ... I can see this as potentially useful if applied to a subset of SMF data. But for processing all our umpteen million daily SMF records on another platform it would be a grossly inefficient choice, since adding XML tags to all fields would no doubt increase the physical size of an already large file by a factor of 3 or worse. Compression of XML-formatted data could significantly reduce external file size, but compression/decompression costs cpu, and at some point in creating and using the data you still have to work with the expanded bytes. XML representation has its advantages, but practicality goes down as volume of data goes up. -- Joel C. Ewing, Fort Smith, ARjcew...@acm.org Bentonville, AR jcew...@acm.org -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
George McLaren is out of the office
I will be out of the office starting 04/03/2011 and will not return until 14/03/2011. I will respond to your mail, if required ,on my return. If urgent please contact Chris McClory on 58502 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: z/OS Virus Checker zLinux Virus Checker
hi all, i almost missed this discussion. if you are interested in further arguments and details in this field Vulnerability Analysis and Scan on z you should also refer to the it security forum on our website. we completely solve this problem for over a decade. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ At 14:04 29.01.2011 -0600, you wrote: Elardus, Please let me add some information in response to your posting: There is a difference between a Virus and a System Integrity Exposure.The System Integrity Exposure is the Root Cause that a Virus exploits.There may be many Viruses, especially in Windows Systems, which exploit the same Root Cause.The PC Virus checkers look for the signatures of Virus code either executing or in directories and then take action to remove them.The Virus Checkers cannot fix the Root Cause -- in the case of Windows, only Microsoft can do that.But, it would be better if Microsoft would fix the Root Cause because then the Virus programs would become ineffective. IBM's Statement of Integrity clearly states that if a System Integrity Vulnerability (the Root Cause) is reported to IBM, they will fix it.Microsoft does not make this commitment and this is why the z/OS Operating System is a much more securable system than Windows. However, z/OS is not immune to these threats because it too has system integrity vulnerabilities.In your posting, you state that there are many alternatives to our Vulnerability Analysis Product for the ethical hacking/penetrating/scanning for defects and exposures.In fact, IBM purports to provide this capability from their Tivoli zSecure unit.On their zSecure Audit Website, they state: Security zSecure Audit includes a powerful system integrity analysis feature. Reports identify exposures and potential threats based on intelligent analysis built into the system.That's a pretty powerful and absolute statement. But, since Tivoli is part of IBM you can be assured that their Quality Assurance Unit regularly tests their software against revisions to the IBM z/OS Operating System and, if any integrity exposures were found, they would have reported the vulnerabilities to IBM z/OS Development and Development would have fixed them.That would just be the normal course of business within IBM. But, then, how can you reconcile the fact that our VAT product has located SIXTY SEVEN (67) new system integrity vulnerabilities in z/OS within the last two years.And, our clients have reported them to IBM, IBM has accepted them as errors, issued APARS for all of them and issued PTFs for almost all of them.So, obviously, the IBM Tivoli zSecure Audit package is not catching these errors.And, if IBM, is not catching these in their own code, what about the ones introduced by the rest of the Independent Software Vendor products and locally developed or otherwise obtained code on your system?There is a big vulnerability here that cannot be ignored. An exploit of a z/OS (or ISV) system integrity vulnerability would allow the illegitimate user to obtain control in an authorized state and use this state to change his security credentials to obtain access and be able to modify any RACF protected resource on the system with no SMF journaling of the access.We have found these integrity exposures in code that is in operation on every z/OS system in existence.That is something to be concerned about and to act on. I have no idea of the comparison between the cost of our Vulnerability Analysis Tool versus the competition.We would be happy to discuss that with you -- we believe it is inexpensive compared to the benefits which include not only a reduction of risk and exposure to data loss and modification which would result in exposure of company secrets, private information and financial loss, but a reduction of system outages.But, VAT works and locates the errors that other software/services do not.I can totally assure you that a manual process just will not work in our lifetimes.So, an automated process is necessary.And VAT provides that automation. And I agree with you that many z/OS Auditors need to be educated on this. Ray Overby Key Resources, Inc. Ensuring System Integrity for z/Series^(TM) www.vatsecurity.com (312)574-0007 On 1/29/2011 09:12 AM, Elardus Engelbrecht wrote: Cris Hernandez #9 wrote: I too have auditors who treat the my mainframe like one those little puters and I find it best to first educate them before they convince my management to send me chasing phantoms. Don't assume your auditor won't appreciate a mainframe education. Jim Marshall wrote: Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a Virus Checker. Anyone has a constructive solution as to one
Mainframe Systems Programmer Position (z/Linux z/VM z/OS)
All, HDS have position vacant here in Santa Clara for a z/VM and Linux on Z Series sysprog. I've included the link to the HDS jobs page below. Darren has vetted and approved posting this on the Listserv. The link below won't take you directly to that specific job. This is the HDS Careers page. http://www.hds.com/corporate/careers/job-search/?_p=v Once there enter Mainframe in the keyword search field. Once you enter the search, scroll down to the position headed Mainframe Systems Programmer (z/Linux z/VM z/OS)-002349. Thanks for your interest. Ron -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: z/OS Virus Checker zLinux Virus Checker
Don't see anything like a forum in the sitemap of your web site. J On Fri, Mar 4, 2011 at 7:21 AM, Dr. Stephen Fedtke max_mainframe_...@fedtke.com wrote: hi all, i almost missed this discussion. if you are interested in further arguments and details in this field Vulnerability Analysis and Scan on z you should also refer to the it security forum on our website. we completely solve this problem for over a decade. best stephen --- Dr. Stephen Fedtke Enterprise-IT-Security.com Seestrasse 3a CH-6300 Zug Switzerland Tel. ++41-(0)41-710-4005 www.enterprise-it-security.com ++NEWS++ SF-LoginHood provides state-of-the-art password, phrase and login security for z/OS ++NEWS++ At 14:04 29.01.2011 -0600, you wrote: Elardus, Please let me add some information in response to your posting: There is a difference between a Virus and a System Integrity Exposure.The System Integrity Exposure is the Root Cause that a Virus exploits.There may be many Viruses, especially in Windows Systems, which exploit the same Root Cause.The PC Virus checkers look for the signatures of Virus code either executing or in directories and then take action to remove them.The Virus Checkers cannot fix the Root Cause -- in the case of Windows, only Microsoft can do that.But, it would be better if Microsoft would fix the Root Cause because then the Virus programs would become ineffective. IBM's Statement of Integrity clearly states that if a System Integrity Vulnerability (the Root Cause) is reported to IBM, they will fix it.Microsoft does not make this commitment and this is why the z/OS Operating System is a much more securable system than Windows. However, z/OS is not immune to these threats because it too has system integrity vulnerabilities.In your posting, you state that there are many alternatives to our Vulnerability Analysis Product for the ethical hacking/penetrating/scanning for defects and exposures.In fact, IBM purports to provide this capability from their Tivoli zSecure unit.On their zSecure Audit Website, they state: Security zSecure Audit includes a powerful system integrity analysis feature. Reports identify exposures and potential threats based on intelligent analysis built into the system.That's a pretty powerful and absolute statement. But, since Tivoli is part of IBM you can be assured that their Quality Assurance Unit regularly tests their software against revisions to the IBM z/OS Operating System and, if any integrity exposures were found, they would have reported the vulnerabilities to IBM z/OS Development and Development would have fixed them.That would just be the normal course of business within IBM. But, then, how can you reconcile the fact that our VAT product has located SIXTY SEVEN (67) new system integrity vulnerabilities in z/OS within the last two years.And, our clients have reported them to IBM, IBM has accepted them as errors, issued APARS for all of them and issued PTFs for almost all of them.So, obviously, the IBM Tivoli zSecure Audit package is not catching these errors.And, if IBM, is not catching these in their own code, what about the ones introduced by the rest of the Independent Software Vendor products and locally developed or otherwise obtained code on your system?There is a big vulnerability here that cannot be ignored. An exploit of a z/OS (or ISV) system integrity vulnerability would allow the illegitimate user to obtain control in an authorized state and use this state to change his security credentials to obtain access and be able to modify any RACF protected resource on the system with no SMF journaling of the access.We have found these integrity exposures in code that is in operation on every z/OS system in existence.That is something to be concerned about and to act on. I have no idea of the comparison between the cost of our Vulnerability Analysis Tool versus the competition.We would be happy to discuss that with you -- we believe it is inexpensive compared to the benefits which include not only a reduction of risk and exposure to data loss and modification which would result in exposure of company secrets, private information and financial loss, but a reduction of system outages.But, VAT works and locates the errors that other software/services do not.I can totally assure you that a manual process just will not work in our lifetimes.So, an automated process is necessary.And VAT provides that automation. And I agree with you that many z/OS Auditors need to be educated on this. Ray Overby Key Resources, Inc. Ensuring System Integrity for z/Series^(TM) www.vatsecurity.com (312)574-0007 On 1/29/2011 09:12 AM, Elardus Engelbrecht wrote: Cris Hernandez #9 wrote: I too have auditors who treat the my mainframe like one those little puters and I find it best to first educate them before they convince my management to send me chasing phantoms. Don't assume your
