[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: MGMTCLAS message
From:       Bruce <bgordon566 () COMCAST ! NET>
Date:       2014-12-24 4:00:03
Message-ID: 6CC9EF90-4BA8-4E56-9C7E-006C3C309DC4 () comcast ! net
[Download RAW message or body]

Thank you

Sent from my iPhone

> On Dec 23, 2014, at 1:01 PM, Walt Farrell <walt.farrell@GMAIL.COM> wrote:
> 
> > On 12/23/2014 11:56 AM, bruce gordon wrote:
> > We are getting the following message from RACF on our test LPAR, and am not sure \
> > where the user *NONE* is coming from, but when I changed the uacc to read, it \
> > went away. 
> > ICH408I USER(*NONE*  ) GROUP(STAGV   ) NAME(
> > ONLINE CL(MGMTCLAS)
> > INSUFFICIENT ACCESS AUTHORITY
> > ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
> 
> Checks in MGMTCLAS are (usually, and by default) for the resource owner (RESOWNER) \
> for the SMS-managed dataset, as assigned by either: (a) the RESOWNER field in the \
> DFP segment for the generic profile that protects the data set; or (b) the HLQ of \
> the data set name. 
> When the RESOWNER is a group, rather than a user, the check is done with a user ID \
> of *NONE* and the group name, and if the group doesn't have the necessary authority \
> you'll get a message like that. 
> There is a parameter in SYS1.PARMLIB(IGDSMSxx) that will change the checking so it \
> uses the execution user instead. It's something like USE_RESOWNER(NO). 
> -- 
> Walt


[prev in list] [next in list] [prev in thread] [next in thread]