Permit Read Access w/o RACF
Select messages from
 # through # FAQ
[/[Print]\]
Goto page 1, 2  Next  :| |:
MVSFORUMS.com -> TSO and ISPF
#1: Permit Read Access w/o RACF Author: DibakarLocation: USA PostPosted: Fri Jul 18, 2003 3:03 am
    —
Hi,

RACF is disabled here and I want to give others read access to my datasets. how can I do this?

Diba.
#2:  Author: Cogito-Ergo-SumLocation: Bengaluru, INDIA PostPosted: Fri Jul 18, 2003 3:04 am
    —
Diba,
See if TSO PERMIT command helps you.
#3:  Author: DibakarLocation: USA PostPosted: Fri Jul 18, 2003 3:44 am
    —
Nope.
#4:  Author: Ashish JainLocation: India PostPosted: Fri Jul 18, 2003 6:27 am
    —
RACF is disabled...does it mean, its not there in your shop or you have no authorithy to invoke any of the RACF commands?

If RACF (or any other Access Control Tool) is not there, then I guess everyone should be able to read everyone's data.
#5:  Author: DibakarLocation: USA PostPosted: Fri Jul 18, 2003 7:57 am
    —
There is RACF but when I try to invoke it I get the message 'RACF IS DISABLED'. Actually I am able to see other's datasets but they can't see mine.
#6:  Author: Manas BiswalLocation: Chennai, India PostPosted: Fri Jul 18, 2003 1:41 pm
    —
What error message does TSO PERMIT command give you?.
If it gives you a message like "Dataset not defined to RACF" then , perhaps doing a TSO ADDSD might define your dataset to RACF and after that you can continue with tso permit.

Regards,
manas
#7:  Author: DibakarLocation: USA PostPosted: Mon Jul 21, 2003 3:03 am
    —
This is the complete message I get on 'TSO PERMIT' -
Code:
    IRR418I RACF PRODUCT DISABLED: COMMAND ENDED.
    ***                                             


Diba.
#8:  Author: MikeLocation: Sydney, Australia PostPosted: Mon Jul 21, 2003 5:58 pm
    —
What messages do the people trying to access your dataset get ? Try this and also issuing the permit command in batch as the joblog may provide further information/messages.

The IRR418I message indicates that the IFAPRD?? member in SYS1.PARMLIB determines if RACF is enabled/disabled, check this member out (not sure how you determine which ?? is actually in use). The message has COMMAND as opposed to the other possible values. I'm just wondering if it's only the RACF command processing that has been disabled, if that's at all possible.
#9:  Author: DibakarLocation: USA PostPosted: Mon Jul 21, 2003 11:36 pm
    —
Mike,

Glad that you asked these questions. I don't have access to SYS1.PARMLIB either -
Code:
ACF99913 ACF2 VIOLATION-00,00,TS09065,LMVS00,SYS1.PARMLIB,N/A    
ACF90913  -DATASET CANNOT BE OPENED; AUTHORIZATION IS REQUIRED.
***                                                               


Atleast now I know that it is ACF2 and not RACF problem. Still, I don't know anything about ACF2.

Modified question - "How to give access to others by ACF2?".

Regards,
Diba.
#10:  Author: Manas BiswalLocation: Chennai, India PostPosted: Tue Jul 22, 2003 3:02 pm
    —
I would talk to my sys adm about it.

Regards,
manas
#11:  Author: kolusuLocation: San Jose PostPosted: Tue Jul 22, 2003 5:35 pm
    —
Dibakar,

  • Enter "ACF" (from TSO/ISPF option 6).
    (Then you will get the ACF2 ready message which is "ACF")
  • Enter "DECOMP TID INTO(DATASET)".
    ("DATASET" can be any name or member of a PDS)
  • Enter "END".
    (This will get you out of ACF2 and back in the command
    option)
  • Use normal edit to modify the rule set which is stored in the
    dataset you specified in step 2.
  • Leave the edit mode and return to TSO/ISPF option 6.
  • Enter "ACF".
  • From ACF enter "COMPILE DATASET(TID)".
    (This will check to make sure there are no syntax errors
    in your ACF2 rules. If there are any problems, re-edit
    your "DATASET(TID)" and correct them.)
  • Enter "STORE".
    (This will save your new ACF2 rules.)
  • Enter "END".


Hope this helps...

cheers

kolusu
#12:  Author: DibakarLocation: USA PostPosted: Wed Jul 23, 2003 3:11 am
    —
Kolusu,
I am getting error, "ACF03005 RULE RECORD NOT FOUND", when I give "DECOMP .." command.

Manas,
I would like to contact sys adm but since they are in a different company and country its not easy to contact them.

Diba.
#13:  Author: kolusuLocation: San Jose PostPosted: Wed Jul 23, 2003 8:37 am
    —
Dibakar,

Check with your co-workers who you think has ACF2 authorization and decomp his rule set. Then copy that ruleset onto your dataset and edit the rules. Once edited you can directly jump to step 6 and proceed onwards.

Hope this helps...

cheers

kolusu
#14:  Author: DibakarLocation: USA PostPosted: Mon Jul 28, 2003 7:36 am
    —
Kolusu,

Thanks for your effort. I could not get it from my team mates either. Now my team lead is talk with system adm people.

Diba.
#15:  Author: kolusuLocation: San Jose PostPosted: Mon Jul 28, 2003 5:20 pm
    —
Dibakar,

Try this. This is sample of my ACF2 rule set.

Code:

$KEY(YOUR TID)
 - UID(CH**********OTHER TID) READ(A)
 - UID(CH**********OTHER TID) READ(A) WRITE(A)
 - UID(CH**********OTHER TID) READ(A) WRITE(A) ALLOC(A)
 - UID(CH**********OTHER TID) READ(A) WRITE(A) ALLOC(A) EXEC(A)


Read (A)- Browse capability."R" can be used instead of "READ".Here A in the parenthesis stands for Allow

WRITE(A) - Edit capability.you can use W instead of WRITE

ALLOCATE = Delete and create capability. "A" can be used instead of
"ALLOCATE"

EXECUTE = Execute capability. "E" can be used instead of "EXECUTE"

Let us say your TID is T1234AB , and you want to give access to T1111XX,
T2222YY, T3333ZZ & T4444CC then your rule set will look like the following.

Code:

$KEY(T1234AB)
 - UID(CH**********T1111XX) READ(A)
 - UID(CH**********T2222YY) READ(A) WRITE(A)
 - UID(CH**********T3333ZZ) READ(A) WRITE(A) ALLOC(A)
 - UID(CH**********T4444CC) READ(A) WRITE(A) ALLOC(A) EXEC(A)


save this is a member of a pds. And now jump to step 6 in the procedure
shown above.

Hope this helps...

cheers

kolusu
MVSFORUMS.com -> TSO and ISPF


output generated using printer-friendly topic mod. All times are GMT - 5 Hours

Goto page 1, 2  Next  :| |:
Page 1 of 2

Powered by phpBB © 2001, 2005 phpBB Group