Hello,
I would like to retrieve the CSDATA stored in my RACF user profile. This is
what I have:
USER=TSGJR
CSDATA INFORMATION
--
FULLNAME John Blythe Reid
I put the same RACROUTE macro in a batch job and it works fine. The problem was
using the RACROUTE in the client's CICS region but this has been solved by
using the EXEC CICS QUERY SECURITY command instead.
I'd like to thank everyone for their help with this.
Regards,
John.
The client's quite happy now as it works with EXEC CICS QUERY SECURITY.
We were only able to get a RC=0 on our own LPAR. On the client's LPAR it was a
hard error. It always gave this response combination no matter which class and
resource they tried:
SAF_RC=04
RACF_RC=04
RACF_RSN=00
Regards,
Thanks Binyamin,
Here are the macros:
RACROUTE REQUEST=AUTH,
CLASS=(R2),
ENTITY=((R3),NONE),
STATUS=ACCESS,
WORKA=(R5),
RELEASE=1.9,
MF=(E,(R1))
RACLST
The client never got the RACROUTE macro to work. Instead they've opted to use
the CICS command EXEC CICS QUERY SECURITY and that works ok. Does anyone think
that the problem may be due to issuing a RACROUTE macro inside a CICS
transaction ? However the same transaction does work on our LPAR but
Rob,
I'm looking at SAFPRRET and SAFPRREA in a test on our LPAR. After checking a
non-existent resource SAFPRRET contains X'0004' and SAFPRREA contains
binary zeros. Is the value in SAFPRRET the RACF RC ? The RACROUTE macro return
code in R15 is also X'04'.
Regards,
John.
Hi Rob,
Thanks a lot for your reply. However, we executed the SETR LIST command and we
can see that the classes involved are indeed active.
By the way, this is a conversion from Top Secret to RACF.
Regards,
John.
--
For
Hello,
We have a CICS module that issues a RACROUTE REQUEST=AUTH to query a user's
access rights to a resource. We execute the module on our LPAR and it works
fine returning RC=0 if the user has access.
When we put that same CICS module on our client's LPAR the RACROUTE
REQUEST=AUTH always
this ?
Regards,
John Blythe Reid.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Hi Mark,
Thanks a lot that's good to know. In this case I've just discovered it in the
Defining Automation Policy manual. It generates this command by default. I need
to add a parameter to the command and this can be done using the Application
Information screen specifying the string of
Hello,
I have a question about this NetView screen:
AOFKINFO Automation Control - Command Dialogs Line 57of 166
Domain Id . : NETVx DISPINFO Date . . : 01/13/22
Operator Id : xTime . . : 16:15:33
Hi Dave,
>>Adabas has supported a reliable backup while active for several decades
>>(1980s)
Yes, that's right. Just why they're doing it this way I really don't know,
particularly as Software AG recommend avoid stopping the Adabas nucleus regions.
Regards,
John.
Hi David,
Yes, it surprised me as well. Evidently any maintenance they have applied, if
any, it didn't need an IPL. In fact they've effectively frozen this set up as
they're in the process of migrating off the mainframe.
Regards,
John.
Rob,
ADABAS does support REUSASID=YES:
The address space ID (ASID) representing this address space is not reassigned
until the next IPL. Therefore, you should choose a sufficiently high value for
the MAXUSERS parameter in the active IEASYSxx member of SYS1.PARMLIB or—if your
system supports
Thanks Rob, Robin,
It was the IEA_ASIDS healthcheck that triggered the alert.
In this case it's due to recycling ADABAS regions. They do it weekly and each
region terminates with this message:
IEF352I ADDRESS SPACE UNAVAILABLE
MXI currently shows this, so you can see that there's not long to
I have a customer with an LPAR running out of ASIDs. I estimate that they will
run out in about three weeks time. This is a fairly big deal as they haven't
IPL'd this LPAR for two years. Clearly an IPL is needed very soon. In fact one
should have been done long before now. The question I have
Thanks Nigel, with EDGINERS it worked like a dream.
Regards,
John.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
I have a question about RMM. We've received some new cartridges that hadn't
been initialized by the supplier. This caused I/O errors when attempts were
made to mount the cartridges.To avoid these errors we changed their status to
INIT so that they wouldn't be mounted:
I don't know if anyone else has come across this but HSM went into a hang state
in production for several hours. There was no indication of this and it only
came to light because jobs began to fail due to datasets not being recalled.
This has been reported to IBM and no doubt a fix will ensue.
Just in case it could help anyone else, I also discovered that I could have
used this callable service to encipher the response:
Encode (CSNBECO and CSNEECO)
Use the encode callable service to encipher an 8-byte string using a clear key.
The
callable service uses the electronic code book (ECB)
Rob, no the key does not exist in the CKDS but is received as part of a request
from a client browser in this string:
123456
The key tag shows the 16 hexadecimal digits of a single length DES key that
must be used to encrypt the response. The browser randomly
I've finally discovered how to do it ! With this verb I can encrypt the text
using a clear single length DES key without the need to create/import a token:
/* Symmetric Key Encipher - CSNBSYE */
call csnbsye(return_code,
reason_code,
In the end I had to use ICSF callable services as the use of an assembler
routine was vetoed. Pity about that. However I do still have some questions
about the use of ICSF in this case.
First I tried this:
call csnbktb - build a token:
--key_type = 'CLRDES
--rule array =
Thanks Timothy. Yes, now that I know that it works I'll clean it up to allow
more flexibility and to provide detailed documentation. It definitely needs to
allow for both single and double length keys. Even though, I'm pretty sure that
this assembler routine will only ever be called by the
This is the subroutine to encrypt and it works like a dream:
*-*
*encrypt string using DES
*-*
encrypt csect ,
to ASCII ready to be encrypted using the browser supplied
encryption key. But how to encrypt it ? Someone mentioned that maybe I need to
use a token. I'm wading through the ICSF manuals now, but if anyone has any
suggestions I'd be very grateful.
Regards,
John
John Blythe Reid
Técnico de Sistemas
Thanks a lot to you both Dale and Tony. I'm writing the module in PL/I but I
can soon slip an assembler sub-routine in !
Regards,
John.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
John Blythe Reid,
Técnico de Sistemas de z/OS y de Sistemas Transaccionales,
Barcelona,
España
Blythe Reid,
Técnico de Sistemas de z/OS y de Sistemas Transaccionales,
Barcelona,
España.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
in the home address, but that's just a
feeling. I'd be interested in anyone else's experience on this.
Regards,
John.
On 20 January 2014 15:03, John McKown john.archie.mck...@gmail.com wrote:
On Mon, Jan 20, 2014 at 3:38 AM, John Blythe Reid
johnblyther...@gmail.comwrote:
Hello,
I just wanted
to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
John Blythe Reid
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
John Blythe Reid,
Técnico de Sistemas de z/OS y de Sistemas Transaccionales,
Barcelona,
España
-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
John Blythe Reid,
Técnico de Sistemas de z/OS y de Sistemas Transaccionales,
Barcelona,
España
33 matches
Mail list logo
