View previous topic :: View next topic
|
Author |
Message |
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
when i tried to create a dataset or vsam cluster with some other prefix, i am facing this error.
ICH408I USER(OPRTCM ) GROUP(OPR ) NAME( ) 371
ANF.QUEUE CL(DATASET ) VOL(*BLANK)
DEFINE - GROUP NOT DEFINED
I tried to issue 'pe *.** cl(dataset) id(oprtcm) access(alter)'
but it is not working.
how to resolve this issue? |
|
Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006 Posts: 19244 Location: Inside the Matrix
|
|
|
|
Hello,
Please post the jcl, control statements, and the diagnostic info generated by the problem run. |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
I am using this jcl.
//CREATE EXEC PGM=IDCAMS
//SYSPRINT DD SYSOUT=*
//SYSIN DD *
DEFINE CLUSTER -
(NAME(ANF.QUEUE) -
VOLUMES(AUSR01) -
INDEXED -
SPEED -
SHAREOPTIONS(4 3)) -
DATA -
(NAME(ANF.QUEUE.DATA) -
CYL(2 1) -
KEYS(20 0) -
RECORDSIZE(1292 2048) -
FREESPACE(10,10) -
CISZ(24576)) -
INDEX -
(NAME(ANF.QUEUE.INDEX))
/* |
|
Back to top |
|
|
UmeySan
Active Member
Joined: 22 Aug 2006 Posts: 771 Location: Germany
|
|
|
|
Morning Sir !
Are you in an RACF Administration Group, to have the rights to do a permit like you did ???
Next question, is "ANF" a valid HLQ at your System ??? |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
Pleasant morning!
Yes I have the rights to issue the commands like I did.
I can create clusters with my prefix.
But I cannot create with other prefixes.
Also ANF is a valid prefix. |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10872 Location: italy
|
|
|
|
You already debugged the issue,
ask Your security support group to give You the proper permissions on "ANF.---------"
review Your understanding of the permit commands logic
you can issue the permit command only for resources You have control/alter access...
Quote: |
I tried to issue 'pe *.** cl(dataset) id(oprtcm) access(alter)'
but it is not working.
|
I hope that that was a typo.... thanks to &deity that racf is smart,
do You realize that with that command
You were trying to give alter capability to oprtcm to all the dataset in Your installation,
for the happiness of Your security auditing team |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
Yet I am unclear about this issue.
The ID is not authorized to create a new dataset with someone/other prefix.
According to my level of understanding,
Since the id (oprtcm) is having OPERATIONS attribute, it should have the access to all the datasets. am i right? |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10872 Location: italy
|
|
Back to top |
|
|
UmeySan
Active Member
Joined: 22 Aug 2006 Posts: 771 Location: Germany
|
|
|
|
Morning Sir !
So ok, as you said, you are in the admin-group and you have the right's.
There are multiple definitions for your ICH408I.
Your's: DEFINE - GROUP NOT DEFINED
This error occurs when RACF detects an unauthorized attempt to define a RACF-protected resource; for example, by way of RDEFINE for a general resource or ADDSD for a data set.
RACF prevents the request from completing.
User Response: Correct any spelling errors in the group ID and
try again. If you cannot remember the correct group ID, ask your
RACF security administrator to provide you with a valid group ID. |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
Thanks to all for your help and warning. |
|
Back to top |
|
|
Thiru Chandira Moorthi
New User
Joined: 20 Jun 2007 Posts: 29 Location: chennai
|
|
|
|
dear all,
i could resolve this issue, there was a mismatch in group attributes.
thanks. |
|
Back to top |
|
|
|