subject:"Got DSN3107I FROM REXX CONSOLE SYSCMD command"

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-14 Thread Walt Farrell

On Sun, 13 Jan 2008 20:56:13 -0600, Yan Ying [EMAIL PROTECTED] wrote:
 Thanks for you reply.What confused me is I can send MVS/JES2
cmd in my rexx program and get the return msg.The pgm look like that :
CMD = '$D SPL'
CONSPROF SOLDISP(NO) SOLNUM(800)
CONSOLE ACTIVATE NAME(DALCMD)
CONSOLE SYSCMD(||CMD||)   CART('DAL001')
GETCODE = GETMSG('DAL1.',,'DAL001','',10)
CONSOLE DEACTIVATE
The program is sub in JCL by IKJEFT01.
Why DB2 cmd need special auth and how to get the auth.

Apparently (as Scott indicated), DB2 wants its commands to come from a
console with system (SYS) authority.  On the other hand, $D should need only
INFO authority.

Check the OPERPARM segment of the USER profile that matches the console name
you use (by default, the system uses the running user ID as the console
name).  The AUTH field should say SYS or a higher value.

Additionally, make sure that you have the OPERCMDS class active, and SETR
RACLISTED (if using RACF), and that you have access to OPERCMDS resource
MVS.MCSOPER.console-name because without that access you'll only have INFO
authority regardless of what the OPERPARM segment specifies.

-- 
  Walt Farrell, CISSP
  IBM STSM, z/OS Security Design

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: [DB2-L] Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-14 Thread Lizette Koehler

YY -

You need to understand that there are two security checks going on.  For MVS 
commands there is one set of checks.  For DB2 Commands there is a different 
setup.  I would contact my security administrator and ask them how the DB2 
command you are trying to issue is handled.  You also need to check on the 
internal DB2 Security.  It is possible that there is also a security check 
going on there as well.

Each shop is unique on how they setup security.  And that depends on the 
security product you are using. 

The message DSN3107I - DSN3EC0X -COMMAND REJECT.REQUESTOR NOT AUTHORIZED. 
 Indicates that you are not authorized to the DB2 command.  However, since you 
can issue D IPLINFO, you do have the authority to MVS commands.  Look at the 
SYSTEM PROGRAMMER RESPONSE:
System Programmer Response: Verify that this console should be used for 
entering DB2 commands. If so, authorize it for 'system' commands by using MVS 
services. 



Lizette


 
 Hi all,
 I use  REXX to inquire DB2 BUFFERPOOL detail status.I use
 CONSPROF / CONSOLES / CONSOLE SYSCMD command to get
 the info.But I can only get msg DSN3107I.
 DSN3107I - DSN3EC0X -COMMAND REJECT.REQUESTOR NOT
 AUTHORIZED.
 I have another REXX work like that to gather system info
 (like'D IPLINFO') can work good.
 IBMBOOK said:the CSECT DSN3EC0X has discovered that the source of the
 command was a console that does not have 'system' authority.
 How can i have the system authorize?Did anyone do job like that?
 Thanks a lot for help.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-14 Thread Mike Bell

I suspect DB2 needs SYSOPER or SYSADM DB2 authorization.  This is DB2
security and it is maintained by DB2. Talk to the DB2 install sysprog's.
My memory was console commands came in with userid SYSOPR but there are
other circumstances that the userid is passed.

Mike

On Jan 13, 2008 8:56 PM, Yan Ying [EMAIL PROTECTED] wrote:

 Hi all,
 Thanks for you reply.What confused me is I can send MVS/JES2
 cmd in my rexx program and get the return msg.The pgm look like that :
 CMD = '$D SPL'
 CONSPROF SOLDISP(NO) SOLNUM(800)
 CONSOLE ACTIVATE NAME(DALCMD)
 CONSOLE SYSCMD(||CMD||)   CART('DAL001')
 GETCODE = GETMSG('DAL1.',,'DAL001','',10)
 CONSOLE DEACTIVATE
The program is sub in JCL by IKJEFT01.
Why DB2 cmd need special auth and how to get the auth.
 Yan Ying


 --
 For IBM-MAIN subscribe / signoff / archive access instructions,
 send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
 Search the archives at http://bama.ua.edu/archives/ibm-main.html




-- 
Mike

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-14 Thread Shmuel Metz (Seymour J.)

In [EMAIL PROTECTED], on 01/10/2008
   at 01:56 AM, Yan Ying [EMAIL PROTECTED] said:

I use a REXX to inquire DB2 BUFFERPOOL detail status.I use  CONSPROF
/ CONSOLES / CONSOLE SYSCMD command to get
the info.But I can only get msg DSN3107I.
DSN3107I - DSN3EC0X -COMMAND REJECT.REQUESTOR NOT 
AUTHORIZED.

You need to explain to your security and DB2 people why you need to do
this, then ask them to grant the necessary privileges.

-- 
 Shmuel (Seymour J.) Metz, SysProg and JOAT
 ISO position; see http://patriot.net/~shmuel/resume/brief.html 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-13 Thread Yan Ying

Hi all,
 Thanks for you reply.What confused me is I can send MVS/JES2
cmd in my rexx program and get the return msg.The pgm look like that :
CMD = '$D SPL'
CONSPROF SOLDISP(NO) SOLNUM(800)
CONSOLE ACTIVATE NAME(DALCMD)
CONSOLE SYSCMD(||CMD||)   CART('DAL001')
GETCODE = GETMSG('DAL1.',,'DAL001','',10)
CONSOLE DEACTIVATE
The program is sub in JCL by IKJEFT01.
Why DB2 cmd need special auth and how to get the auth.
Yan Ying
 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-11 Thread Ed Finnell

 
In a message dated 1/11/2008 8:02:30 A.M. Central Standard Time,  
[EMAIL PROTECTED] writes:

To set the base MVS console authority for your user, you need to update  the
OPERPARM segment associated with your userid.



Don't think it has anything to do with MVS,  only DB2 authorities. Install 
adm, sysadm, DBADM. It's a hierarchy in DSNZPARM  customization. To grant lower 
you have to have higher 







**Start the year off right.  Easy ways to stay in shape. 
http://body.aol.com/fitness/winter-exercise?NCID=aolcmp0030002489

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-11 Thread Scott Fagen

On Thu, 10 Jan 2008 01:56:57 -0600, Yan Ying wrote:
I use a REXX to inquire DB2 BUFFERPOOL detail status.I use
CONSPROF / CONSOLES / CONSOLE SYSCMD command to get
the info.But I can only get msg DSN3107I.
DSN3107I - DSN3EC0X -COMMAND REJECT.REQUESTOR NOT
AUTHORIZED.
I have another REXX work like that to gather system info
(like'D IPLINFO') can work good.
IBMBOOK said:the CSECT DSN3EC0X has discovered that the source of the
command was a console that does not have 'system' authority.
How can i have the system authorize?Did anyone do job like that?

The answer is:  it depends...

1) Is the OPERCMDS class active in your security product?
If so, then you need to give your console authority to the appropriate operator
command profile.

2) I am not sure what 'system' authority means.  Base MVS console authority
comes in a few flavors:
o  INFO  (authorized to issue a smattering of display-only commands)
o  SYS   (authorized to issue smattering of 'system related' commands)
o  I/O(authorized to issue smattering of 'I/O device related' commands)
o  CONS (authorized to issue smattering of 'console configuration related'
commands)
o  MASTER (can issue all system commands)

To set the base MVS console authority for your user, you need to update the
OPERPARM segment associated with your userid.

Scott Fagen
Enterprise Systems Management

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Got DSN3107I FROM REXX CONSOLE SYSCMD command

2008-01-09 Thread Yan Ying

Hi all,
I use a REXX to inquire DB2 BUFFERPOOL detail status.I use 
CONSPROF / CONSOLES / CONSOLE SYSCMD command to get
the info.But I can only get msg DSN3107I.
DSN3107I - DSN3EC0X -COMMAND REJECT.REQUESTOR NOT 
AUTHORIZED.
I have another REXX work like that to gather system info
(like'D IPLINFO') can work good.
IBMBOOK said:the CSECT DSN3EC0X has discovered that the source of the 
command was a console that does not have 'system' authority.
How can i have the system authorize?Did anyone do job like that?
Thanks a lot for help.

YY

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

Re: [DB2-L] Got DSN3107I FROM REXX CONSOLE SYSCMD command

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

Re: Got DSN3107I FROM REXX CONSOLE SYSCMD command

Got DSN3107I FROM REXX CONSOLE SYSCMD command

8 matches

Site Navigation

Mail list logo

Footer information