OnDemand User Group
Support Forums => z/OS Server => Topic started by: LWagner on February 03, 2011, 04:07:31 PM
-
I am trying to accomplish cutting over to RACF for security to access folders and cabinets. :)
We can not get Folders neither hidden not inaccessible correctly based on RACF entries, with only *PUBLIC access in the Folders Permissions tab. With over 200 folders defined, and a RACF group restricted to just four folders, a user with only acess to those four sees almost all other folders, and any folder can be searched. We've tried numerous variations, with no improvement. ???
Can someone provide me an example of the RACF structure to have this work correctly, and any code customizations to arsuperm and ARSUSECZ ? :-\
Thank You
-
We went with the theory that RACF has convoluted grants and blocks we were not expecting, and created a new id to test with, gave it access to one OnDemand report class.
This new id only dipslayed the four folders that it should. We now suspect we have some cleanup in our very old RACF database to work on.
-
we use RACF and the security exit for access. Each user is defined, and stands on his/her own merits for permissions. Maybe monday I can help you out a bit. We customized the sample code just a little bit
-
Geoffe:
For every folder, nearly every user. our syslog and console display the following.
ICH408I USER(CINTREDS) GROUP(CLSERVER) NAME(C/S INTERNET51
$SA5195P1 CL(ARS1FLDR)
INSUFFICIENT ACCESS AUTHORITY
FROM $* (G)
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
==========================================
With 3,000 folders, that's 15,000 lines per user per login. Did you suppress those messages from RACF ?
-
Hi
On your call to RACROUTE , do you use "MSGSUPP=NO" ??
Using "MSGSUPP=YES" should suppress the ICH408
Regards
/H Carlberg
-
We did find that , thank you.