'Re: TRSOURCE question'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: TRSOURCE question
From:       Dovid Wakser <0000051422d81dd4-dmarc-request () LISTSERV ! UGA ! EDU>
Date:       2018-08-21 14:26:40
Message-ID: 00a801d4395a$fafb4c80$f0f1e580$ () com
[Download RAW message or body]

Thanks, Bruce. And good point about revoking the authority when I am done!

-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Bruce Hayden
Sent: Tuesday, August 21, 2018 3:57 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: TRSOURCE question

The CP TRSOURCE command is protected by the VMCMD class.  I assume you have
that class active.  You need to create the resource "RAC RDEF VMCMD
TRSOURCE UACC(NONE)" and then give any virtual machine that will issue that
command READ access to that resource.  Those users will also need to have
privilege class C or a user defined privilege class that includes the
TRSOURCE command.  I hope that once you are done debugging the problem you
would remove the permission and remove any extra privileges from the users.

You should define a resource for each defined profile name in the VMCMD
class.  See Chapter 9 of the z/VM RACF Administrator's Guide.  In some
cases you'd want to define a generic resource (such as XAUTOLOG.** and
XAUTOLOG.ON.**) so that you avoid any "command not defined to RACF"
messages.  This is especially important if you customize RACF to "fail" any
undefined resources instead of the default "defer" action which means defer
to CP.

On Tue, Aug 21, 2018 at 7:42 AM, Dovid Wakser <
0000051422d81dd4-dmarc-request@listserv.uga.edu> wrote:

> All:
>
>
>
>       In an attempt to diagnose a hardware problem, I was asked to start a
> TRSOURCE trace - something that I don't ever recall doing. However, when I
> issue the command in a z/VM virtual machine, I receive: RPIMGR055E COMMAND
> TRSOURCE NOT DEFINED TO RACF. Since I do not believe I am "protecting" any
> z/VM commands, how do I get around this? I will need to allow multiple
> z/VSE
> guests to issue this command.
>
>
>
> David Wakser
>
>
>


-- 
Bruce Hayden
z/VM and Linux on IBM Z and LinuxONE
IBM Washington Systems Center
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic