Author: steve-myers
Posted: Tue Mar 21, 2017 6:46 pm (GMT 5.5)
In RACF terminology there are five access levels: NONE, READ, UPDATE, CONTROL, and ALTER. NONE and READ are pretty obvious. Their precise meaning is well defined for data set resources, though it gets somewhat hazy for "general" resources. ALTER also gives CONTROL, UPDATE and READ, CONTROL also gives UPDATE and READ. UPDATE also gives READ.
I just went through a SYSLOG to find an example; this one happened to be the first one I encountered.
You didn't bother with two important lines that are usually printed; the first one tells us the resource and RACF resource class of the resource being tested and the second tells us the RACF profile used to determine access to the resource. Together the two lines tell a RACF analyst how to correct the problem. Since few of us here know the product - I certainly don't - the resource and class probably will not mean anything to us. ACCESS INTENT(CONTROL) hints you are trying to do more than just read the resource. However, as I said, the true meaning of CONTROL access is kind of hazy for many general resources.
Posted: Tue Mar 21, 2017 6:46 pm (GMT 5.5)
In RACF terminology there are five access levels: NONE, READ, UPDATE, CONTROL, and ALTER. NONE and READ are pretty obvious. Their precise meaning is well defined for data set resources, though it gets somewhat hazy for "general" resources. ALTER also gives CONTROL, UPDATE and READ, CONTROL also gives UPDATE and READ. UPDATE also gives READ.
| Code: |
| ICH408I USER(PAVANSE ) GROUP(USERG02 ) NAME(DEVIREDDYPAVAN ) JES2.RESTART.BAT CL(OPERCMDS) <--- INSUFFICIENT ACCESS AUTHORITY FROM JES2.** (G) <--- ACCESS INTENT(CONTROL) ACCESS ALLOWED(READ ) |
I just went through a SYSLOG to find an example; this one happened to be the first one I encountered.
You didn't bother with two important lines that are usually printed; the first one tells us the resource and RACF resource class of the resource being tested and the second tells us the RACF profile used to determine access to the resource. Together the two lines tell a RACF analyst how to correct the problem. Since few of us here know the product - I certainly don't - the resource and class probably will not mean anything to us. ACCESS INTENT(CONTROL) hints you are trying to do more than just read the resource. However, as I said, the true meaning of CONTROL access is kind of hazy for many general resources.