|
View previous topic :: View next topic
|
| Author |
Message |
soumyanamboo
New User
Joined: 16 Apr 2008
Posts: 13
Location: Chennai
|
|
|
|
please tell me how to check access to a PDS using REXX. i saw one prev post, asking to do the following.
| Quote: |
| "try to access it and see what you get for an error. Then code for that error. . " |
i am getting the following error.
ICH408I USER(U133598 ) GROUP(AJD25910) NAME(SOUMYA )
U168551.CICS.PGMS CL(DATASET ) VOL(LPRJ15)
INSUFFICIENT ACCESS AUTHORITY
FROM U168551.** (G)
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
IEC150I 913-38,IFG0194E,U133598,IKJUSER,SYS00574,E427,LPRJ15,U168551.CICS.PGMS
MEMBERS :
IKJ58514I DATA SET 'U168551.CICS.PGMS' NOT USEABLE+
IKJ58514I OPEN ERROR CODE 913
please tell me how to handle this error using REXX program [/quote] |
|
| Back to top |
|
 |
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
why don' t You run a sstupid test and look at the execio return code ??
a three liner would be enough
| Code: |
/*REXX - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - */
Trace "I"
Address TSO "ALLOC FI(SYSUT1) DA('any_protected_dsname') SHR REUSE"
Address TSO "EXECIO * DISKR SYSUT1 ( FINIS STEM DATA."
|
sorry a four liner |
|
| Back to top |
|
|
soumyanamboo
New User
Joined: 16 Apr 2008
Posts: 13
Location: Chennai
|
|
|
|
sorry, i have to verify the access to a PDS.
for using the above mentioned code, first i need to get any of the member of this PDS. how can i get the member in the PDS if i don't have access to that. i am getting a syntax error here, that "The input or output file SYSUT1 is associated with a partitioned dataset. A member name must be specified."
please help |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
Ok I just made a generic sample...
anyway the point is that when You try to access a dataset for wich You dop not have the permission
the fact will be passed to the command invoked, usually with a high return code
in the example posted the return code was 20
You could treat as a generic system failure and tell the user to contact support...
anyway if the user insists the security audir people will get in touch with him/her
retested using a 'dataset(member)' and th rc was still 20
what are You usingto get the members list ?? |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19243
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| A member name must be specified |
So, use a "fake" member name and see what error is thrown. Then, proceed from there. |
|
| Back to top |
|
|
soumyanamboo
New User
Joined: 16 Apr 2008
Posts: 13
Location: Chennai
|
|
|
|
hi,
| Quote: |
| use a "fake" member name and see what error is thrown |
When i tried to put a fake member name
I am getting "System abend code 013, reason code 00000024".
ie The system could not OPEN one of your datasets properly, generally because of an incorrect DCB parameter (BLKSIZE), or it could not find the specified member of a partitioned dataset
Hence that option also will not work |
|
| Back to top |
|
|
UmeySan
Active Member
Joined: 22 Aug 2006
Posts: 771
Location: Germany
|
|
|
|
Hi !
So create a normaly-not-used member there and use this for the allocation test, enrico showed you.
MemberName could be $$$COIBM. Perhaps it's already there.
Regards, UmeySan |
|
| Back to top |
|
|
Srihari Gonugunta
Active User
Joined: 14 Sep 2007
Posts: 295
Location: Singapore
|
|
|
|
You can even use the following code snippet for verifying the access
ADDRESS ISPEXEC "LMINIT DATAID(dataid) DATASET('"YOUR DATSET"')"
ADDRESS ISPEXEC "LMOPEN DATAID("dataid") OPTION(INPUT)"
IF RC = 8 THEN SAY 'AUTHORIZATION REQUIRED' |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19243
Location: Inside the Matrix
|
|
|
|
Hello,
| Quote: |
| I am getting "System abend code 013, reason code 00000024". |
Yup, an 013-24 surely means a "member not found".
I'm surprised that the system checked for the member before authorization to access the dataset was checked.
Does anyone know if that is "a feature"? |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
I might be wrong...
but IIRC authorization checking comes after dataset checking
and then can ask racf to check the dataset profile
a dataset of the form "pdsname(membername)" follows the rules of a PS dataset |
|
| Back to top |
|
|
dick scherrer
Moderator Emeritus
Joined: 23 Nov 2006
Posts: 19243
Location: Inside the Matrix
|
|
|
|
Hi Enrico,
| Quote: |
authorization checking comes after dataset checking
and then can ask racf to check the dataset profile
a dataset of the form "pdsname(membername)" follows the rules of a PS dataset |
Thanks for the clarification.
As i'm (most often) one of the holders of the "keys to the kingdom", i've not been concerned with which checking might come first 
d |
|
| Back to top |
|
|
soumyanamboo
New User
Joined: 16 Apr 2008
Posts: 13
Location: Chennai
|
|
|
|
hi,
| Quote: |
ADDRESS ISPEXEC "LMINIT DATAID(dataid) DATASET('"YOUR DATSET"')"
ADDRESS ISPEXEC "LMOPEN DATAID("dataid") OPTION(INPUT)"
IF RC = 8 THEN SAY 'AUTHORIZATION REQUIRED'
|
This code is working. Thanks.
But still i have a doubt. If RC = 8, i am getting the error message, along with the message ''AUTHORIZATION REQUIRED'
ICH408I USER(U133598 ) GROUP(AJD25910) NAME(SOUMYA )
U168551.CICS.PGMS CL(DATASET ) VOL(LPRJ15)
INSUFFICIENT ACCESS AUTHORITY
FROM U168551.** (G)
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
IEC150I 913-38,IFG0194E,U133598,IKJUSER,ISP10327,E427,LPRJ15,U168551.CICS.PGMS
AUTHORIZATION REQUIRED
I need only the error message that i gave in the program('AUTHORIZATION REQUIRED').
Is there any way, not to list the other error message. |
|
| Back to top |
|
|
Srihari Gonugunta
Active User
Joined: 14 Sep 2007
Posts: 295
Location: Singapore
|
|
|
|
| Yes Soumya. I tried to suppress that display using outtrap, but it didn't work. Even you get the above message, the execution will continue without any problem. Hope this helps. |
|
| Back to top |
|
|
soumyanamboo
New User
Joined: 16 Apr 2008
Posts: 13
Location: Chennai
|
|
|
|
| Thanks, Srihari. |
|
| Back to top |
|
|
Pedro
Global Moderator
Joined: 01 Sep 2006
Posts: 2594
Location: Silicon Valley
|
|
|
|
> "try to access it and see what you get for an error. Then code for that error. . "
I would amend that to say 'try to query your access and see what you get for a response.'
You can check access by using the RACF command, LISTDSD, to list your authority.
Here is a snippet of a program...
| Code: |
x = outtrap("lines.",30,"NOCONCAT")
/*******************************************************************/
/* CHECK FOR A DISCRETE PROFILE */
/*******************************************************************/
Address TSO "LD DA("dsname") ALL"
ldrc = rc
If ldrc = 4 then
Do
/*****************************************************************/
/* EITHER NO PROFILE EXISTS OR NOT AUTHORIZED */
/*****************************************************************/
If substr(lines.1,1,8) ¬= "NOT AUTH" then
Do
/*************************************************************/
/* NO DISCRETE EXISTED, CHECK GENERIC */
/*************************************************************/
Address TSO "LD DA("dsname") GEN"
ldrc = rc
End
End
x = outtrap(OFF)
/*******************************************************************/
/* IF RETURN CODE WAS ZERO, YOU CAN LOOK AT THE DATASET. */
/*******************************************************************/
If ldrc = 0 Then
Do
|
FYI. I do not think the output from commands is a programming interface, so it may change. |
|
| Back to top |
|
|
|
|
