>>> On 2/3/2011 at 5:12 PM, in message <[email protected]>, >>> "R.S." <[email protected]> wrote: > W dniu 2011-02-04 00:33, Frank Swarbrick pisze: >> Interesting. >> I'm not clear where this is documented, but I'll see what my RACF admin has > to say. >> Basically, I tried in our prod LPAR to backup (DUMP) a file that was > currently open to CICS; thus the TOLERATE(ENQF). But I could not perform it > because... >> >> ICH408I USER(DVFJS ) GROUP(DEPT9971) NAME(FRANK SWARBRICK ) 928 >> STGADMIN.ADR.DUMP.TOLERATE.ENQF CL(FACILITY) >> INSUFFICIENT ACCESS AUTHORITY >> FROM STGADMIN.ADR.** (G) >> ACCESS INTENT(READ ) ACCESS ALLOWED(NONE ) > > That's quite obvious. > Some basics: resource is a string STGADMIN.ADR.DUMP.TOLERATE.ENQF > RACF db holds the profiles. In your case your RACF db has no profile > equal to resource name, but it holds *generic* profile STGADMIN.ADR.** > which covers required resource. > In your case this profile is to wide in scope. Your RACF admin should > consider definition of STGADMIN.ADR.STGADMIN.** - this profile is > powerfule and dangerous. The old profile could be defined with > UACC(READ) which means "available to anyone". > > In other words, your RACF admin unnecessarily restricted some functions.
Indeed. Most likely he made the (very reasonable I would think) assumption that all of the STGADMIN.ADR resources should be given only to, well, storage administrators. :-) I may just let this go rather than bothering him, but the information is helpful and may be of use in the future. Frank The information contained in this electronic communication and any document attached hereto or transmitted herewith is confidential and intended for the exclusive use of the individual or entity named above. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering it to the intended recipient, you are hereby notified that any examination, use, dissemination, distribution or copying of this communication or any part thereof is strictly prohibited. If you have received this communication in error, please immediately notify the sender by reply e-mail and destroy this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
