| View previous topic :: View next topic |
| Author |
Message |
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
 Posted: Fri Jul 18, 2003 3:03 am Post subject: Permit Read Access w/o RACF |
 |
|
Hi,
RACF is disabled here and I want to give others read access to my datasets. how can I do this?
Diba. |
|
| Back to top |
|
 |
Cogito-Ergo-Sum
Advanced
Joined: 15 Dec 2002
Posts: 637
Topics: 43
Location: Bengaluru, INDIA
|
| Posted: Fri Jul 18, 2003 3:04 am Post subject: |
|
|
Diba,
See if TSO PERMIT command helps you.
_________________
ALL opinions are welcome.
Debugging tip:
When you have eliminated all which is impossible, then whatever remains, however improbable, must be the truth.
-- Sherlock Holmes. |
|
| Back to top |
|
|
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
| Posted: Fri Jul 18, 2003 3:44 am Post subject: |
|
|
| Nope. |
|
| Back to top |
|
|
Ashish Jain
Beginner
Joined: 09 Dec 2002
Posts: 15
Topics: 0
Location: India
|
| Posted: Fri Jul 18, 2003 6:27 am Post subject: |
|
|
RACF is disabled...does it mean, its not there in your shop or you have no authorithy to invoke any of the RACF commands?
If RACF (or any other Access Control Tool) is not there, then I guess everyone should be able to read everyone's data. |
|
| Back to top |
|
|
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
| Posted: Fri Jul 18, 2003 7:57 am Post subject: |
|
|
| There is RACF but when I try to invoke it I get the message 'RACF IS DISABLED'. Actually I am able to see other's datasets but they can't see mine. |
|
| Back to top |
|
|
Manas Biswal
Intermediate
Joined: 29 Nov 2002
Posts: 382
Topics: 27
Location: Chennai, India
|
| Posted: Fri Jul 18, 2003 1:41 pm Post subject: |
|
|
What error message does TSO PERMIT command give you?.
If it gives you a message like "Dataset not defined to RACF" then , perhaps doing a TSO ADDSD might define your dataset to RACF and after that you can continue with tso permit.
Regards,
manas |
|
| Back to top |
|
|
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
| Posted: Mon Jul 21, 2003 3:03 am Post subject: |
|
|
This is the complete message I get on 'TSO PERMIT' - | Code: | IRR418I RACF PRODUCT DISABLED: COMMAND ENDED.
*** |
Diba. |
|
| Back to top |
|
|
Mike
Beginner
Joined: 03 Dec 2002
Posts: 114
Topics: 0
Location: Sydney, Australia
|
| Posted: Mon Jul 21, 2003 5:58 pm Post subject: |
|
|
What messages do the people trying to access your dataset get ? Try this and also issuing the permit command in batch as the joblog may provide further information/messages.
The IRR418I message indicates that the IFAPRD?? member in SYS1.PARMLIB determines if RACF is enabled/disabled, check this member out (not sure how you determine which ?? is actually in use). The message has COMMAND as opposed to the other possible values. I'm just wondering if it's only the RACF command processing that has been disabled, if that's at all possible.
_________________
Regards,
Mike. |
|
| Back to top |
|
|
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
| Posted: Mon Jul 21, 2003 11:36 pm Post subject: |
|
|
Mike,
Glad that you asked these questions. I don't have access to SYS1.PARMLIB either -
| Code: | ACF99913 ACF2 VIOLATION-00,00,TS09065,LMVS00,SYS1.PARMLIB,N/A
ACF90913 -DATASET CANNOT BE OPENED; AUTHORIZATION IS REQUIRED.
*** |
Atleast now I know that it is ACF2 and not RACF problem. Still, I don't know anything about ACF2.
Modified question - "How to give access to others by ACF2?".
Regards,
Diba. |
|
| Back to top |
|
|
Manas Biswal
Intermediate
Joined: 29 Nov 2002
Posts: 382
Topics: 27
Location: Chennai, India
|
| Posted: Tue Jul 22, 2003 3:02 pm Post subject: |
|
|
I would talk to my sys adm about it.
Regards,
manas |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12375
Topics: 75
Location: San Jose
|
| Posted: Tue Jul 22, 2003 5:35 pm Post subject: |
|
|
Dibakar,
- Enter "ACF" (from TSO/ISPF option 6).
(Then you will get the ACF2 ready message which is "ACF")
- Enter "DECOMP TID INTO(DATASET)".
("DATASET" can be any name or member of a PDS)
- Enter "END".
(This will get you out of ACF2 and back in the command
option)
- Use normal edit to modify the rule set which is stored in the
dataset you specified in step 2.
- Leave the edit mode and return to TSO/ISPF option 6.
- Enter "ACF".
- From ACF enter "COMPILE DATASET(TID)".
(This will check to make sure there are no syntax errors
in your ACF2 rules. If there are any problems, re-edit
your "DATASET(TID)" and correct them.)
- Enter "STORE".
(This will save your new ACF2 rules.)
- Enter "END".
Hope this helps...
cheers
kolusu |
|
| Back to top |
|
|
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
| Posted: Wed Jul 23, 2003 3:11 am Post subject: |
|
|
Kolusu,
I am getting error, "ACF03005 RULE RECORD NOT FOUND", when I give "DECOMP .." command.
Manas,
I would like to contact sys adm but since they are in a different company and country its not easy to contact them.
Diba. |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12375
Topics: 75
Location: San Jose
|
| Posted: Wed Jul 23, 2003 8:37 am Post subject: |
|
|
Dibakar,
Check with your co-workers who you think has ACF2 authorization and decomp his rule set. Then copy that ruleset onto your dataset and edit the rules. Once edited you can directly jump to step 6 and proceed onwards.
Hope this helps...
cheers
kolusu |
|
| Back to top |
|
|
Dibakar
Advanced
Joined: 02 Dec 2002
Posts: 700
Topics: 63
Location: USA
|
| Posted: Mon Jul 28, 2003 7:36 am Post subject: |
|
|
Kolusu,
Thanks for your effort. I could not get it from my team mates either. Now my team lead is talk with system adm people.
Diba. |
|
| Back to top |
|
|
kolusu
Site Admin
Joined: 26 Nov 2002
Posts: 12375
Topics: 75
Location: San Jose
|
| Posted: Mon Jul 28, 2003 5:20 pm Post subject: |
|
|
Dibakar,
Try this. This is sample of my ACF2 rule set.
| Code: |
$KEY(YOUR TID)
- UID(CH**********OTHER TID) READ(A)
- UID(CH**********OTHER TID) READ(A) WRITE(A)
- UID(CH**********OTHER TID) READ(A) WRITE(A) ALLOC(A)
- UID(CH**********OTHER TID) READ(A) WRITE(A) ALLOC(A) EXEC(A)
|
Read (A)- Browse capability."R" can be used instead of "READ".Here A in the parenthesis stands for Allow
WRITE(A) - Edit capability.you can use W instead of WRITE
ALLOCATE = Delete and create capability. "A" can be used instead of
"ALLOCATE"
EXECUTE = Execute capability. "E" can be used instead of "EXECUTE"
Let us say your TID is T1234AB , and you want to give access to T1111XX,
T2222YY, T3333ZZ & T4444CC then your rule set will look like the following.
| Code: |
$KEY(T1234AB)
- UID(CH**********T1111XX) READ(A)
- UID(CH**********T2222YY) READ(A) WRITE(A)
- UID(CH**********T3333ZZ) READ(A) WRITE(A) ALLOC(A)
- UID(CH**********T4444CC) READ(A) WRITE(A) ALLOC(A) EXEC(A)
|
save this is a member of a pds. And now jump to step 6 in the procedure
shown above.
Hope this helps...
cheers
kolusu |
|
| Back to top |
|
|
|
|
|
FAQ
Search
Quick Manuals
Register
Profile
Log in to check your private messages
Log in
