View previous topic :: View next topic
|
Author |
Message |
wizard_rh
New User
Joined: 03 Apr 2007 Posts: 8 Location: Poland
|
|
|
|
Hi
I have a problem like this:
Code: |
ICH408I USER(JXXX ) GROUP(ADAOPER ) NAME(JOXXXX DZXXXXX ) 964
EUVFKDLL CL(DIRSRCH ) FID(01E4D5C9E7F0C300010C000000000003)
INSUFFICIENT AUTHORITY TO STAT
ACCESS INTENT(--X) ACCESS ALLOWED(GROUP ---)
EFFECTIVE UID(0000000191) EFFECTIVE GID(0000000004)
|
maybe someone knows what can I do? |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
|
|
Hello RH and welcome to the forums,
Have you looked up the error message id? I'd suggest that. The manuals are available via the "Manuals" link at the top of the page.
From your post, you need to talk with your security admin people. |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
Quote: |
ACCESS INTENT(--X) ACCESS ALLOWED(GROUP ---) |
the ich408i explanation is CLEAR
the access intent was checked against the group access permissions
and .... none were found !
regards
e.s |
|
Back to top |
|
|
expat
Global Moderator
Joined: 14 Mar 2007 Posts: 8797 Location: Welsh Wales
|
|
|
|
If you are running SAS on z/OS 1.7 or above ignore the message |
|
Back to top |
|
|
wizard_rh
New User
Joined: 03 Apr 2007 Posts: 8 Location: Poland
|
|
|
|
Hi all, and thank you for response.
dick scherrer: I talk with my security admin people but they don't have any idea how resolve this problem :-(
enrico-sorichetti: I know that problem is in "access allowed for group" but I don't know where can I change this permision. Which RACF options responsible for this ?
expat: This message is appear when I used ftp from my PC (win xp) to z/OS 1.8
Thanks for all |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
Quote: |
I talk with my security admin people but they don't have any idea how resolve this problem |
Looks like Your organization is trying to implement something above their competence level,
-rude but sadly true
DIRACC, DIRSRCH, DIR...
are RACF classes related to directory access
reading The "security administrator guide" manual will give them all the details on how to solve the issue
replying with more info on the subject would be, by my ethics,
giving free consultancy to a profit organization,
the objective of these forums is to help people do their job in a better way ( for themselves ),
not help organizations solve their problems
regards
e.s |
|
Back to top |
|
|
wizard_rh
New User
Joined: 03 Apr 2007 Posts: 8 Location: Poland
|
|
|
|
hmmm...
thanks for all but you haven't right. I'm a NEW member in z/OS environment and I seek help wherever. I'm a system programmer and in my competence is resolve this problem.
maybe someone can tell me more about my problem.
Thank you .... |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
Quote: |
hanks for all but you haven't right. I'm a NEW member in z/OS environment and I seek help wherever. I'm a system programmer and in my competence is resolve this problem.
maybe someone can tell me more about my problem.
|
YES I DO HAVE IT VERY RIGHT !!
It is Your company problem to give You proper training in order to achieve its objectives
( and to the security administrators too )
regards
e.s |
|
Back to top |
|
|
wizard_rh
New User
Joined: 03 Apr 2007 Posts: 8 Location: Poland
|
|
|
|
I don't agree with you but it's your point of view so ...
thanks for all....
maybe someone else help me ? |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
Quote: |
I don't agree with you but it's your point of view so ...
thanks for all.... |
You have the right of not agreeing, but You should also try to understand my point...
Security is not something that You can throw in a system and hope that everything will work,
there is the need to understand and plan many things
- the environment
- the resources
- the roles
- the matrix of the resources vs.the roles
- build a staged plan for protecting and granting access to the resources
- run a period of "grace" in order to verify that the business will keep running
- define the auditing procedures and the actions to be taken in case of violations
- legal and human-resources issues
- ... add many many more
You see that solving Your little problem means to have available Your security implementation plan
in order to verify that granting You the access to the resources You say You need
is done according to the security strategies of Your company
I FIRMLY BELIEVE THAT ADVISING ON SECURITY RELATED ISSUES MIGHT GET THE FORUM IN TROUBLE
regards
e.s |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
|
|
Hello,
To add a bit to what Enrico posted.
I believe we should point people with security issues/questions in the right direction, but we shouldn't provide commands. That should be accomplished within the organization, not the forum.
Unfortunately, many systems (especially those brought online by people basically still in training) have a weak to non-existent security plan. There are some rules, but not really a plan. Bad things often happen on those systems.
Even with the best intentions, we don't know your system and may do more harm than good.
Another issue i have with posting "how-to" is that while the TS may have a valid reason to ask, there are others who are constantly trying to see what they can get away with.
IMHO, we should surely not be helping them. |
|
Back to top |
|
|
wizard_rh
New User
Joined: 03 Apr 2007 Posts: 8 Location: Poland
|
|
|
|
In thiis case ..........
THANK YOU VERY MUCH for all ...........
I will be try to understand our security plan and resolve this problem :-)
best regards, |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
|
|
You're welcome and Good Luck:)
As a suggestion, you might be able to convince the security admin people to ask the question of the vendor support for your system's security software (IBM or Computer Associates dependingon which product).
They can surely explain how to fix this to the security admins. |
|
Back to top |
|
|
donald basemore
New User
Joined: 02 Apr 2008 Posts: 1 Location: atlanta,ga
|
|
|
|
I had this same problem and after extensive research found that I had a directory set at 700 in USS which was where the called program resided. I would definitely check the permissions on your bin directories to make sure they are set for execution. RACF is just the reporter in this case. |
|
Back to top |
|
|
priyaselvaraj Warnings : 1 New User
Joined: 04 Apr 2008 Posts: 3 Location: Chennai
|
|
|
|
for this problem u hv to go and speak with the system side people(system administrator) they wont give accesss permission to use certain utilities bcoz sometimes it may scratch some datasets. If system adminstrator give the access means u can proceed and u wont face that error. Clearly they hv to give the access for u. |
|
Back to top |
|
|
|