|
View previous topic :: View next topic
|
| Author |
Message |
drowelf
Warnings : 1
New User
Joined: 03 Mar 2006
Posts: 47
Location: Simpsonville, SC
|
|
|
|
I'm working on developing a utility for our Configuration Management Group. They are non-programmers and have asked for a utility that will take a list of datasets and create backups. The candidate list will only contain Sequential (PS), Partitioned (PDS) or Libraries (PDS-E).
All works fine for Sequential datasets (using IEBGENER), but when I attempt to call IEBCOPY I get the following error.
IEB1099I *** IEBCOPY IS NOT APF AUTHORIZED ***
I've tried calling IEBCOPY via ATTACHMVS, LINKMVS and simple Call, but it always fails. I've never seen this message the description in the manual does not help much. Since the Job has no STEPLIB I'm not sure how or where the non-authorized library is being accessed.
Here is the JCL executing the Rexx Exec.
//S7NOTIFY EXEC PGM=IKJEFT01,COND=(EVEN),
// PARM='SymDsBak'
//*
//SYSEXEC INCLUDE MEMBER=C5SYSEXE
//*
//SYSTSIN DD DUMMY
//SYSTSPRT DD SYSOUT=&SYSOUT
//SYSPRINT DD SYSOUT=&SYSOUT
//*
//DSLIST DD DISP=SHR,DSN=DCT.ENV.PC05.SYSIN.REL500(DSLIST)
//*
//ABENDAID DD SYSOUT=&SYSOUT
//SYSABEND DD SYSOUT=&SYSOUT
//*
//SNAPIT DD SYSOUT=&SYSOUT
//*
//LOGFILE DD SYSOUT=&SYSOUT
Here is the SYSPRINT output.
IEBCOPY MESSAGES AND CONTROL STATEMENTS PAGE 1
IEB1135I PGM_NAME FMID HDZ1A10 SERVICE LEVEL UA53210 DATED 20100315 DFSMS 01.11.00 z/OS 01.11.00 HBB7760 CPU 2098
IEB1035I CXXREXX S7NOTIFY 20:22:03 SUN 29 JAN 2012 PARM=''
IEB1099I *** IEBCOPY IS NOT APF AUTHORIZED ***
COPY INDD=INDD,OUTDD=OUTDD
IEB1013I COPYING FROM PDS INDD=INDD VOL=MS1G93 DSN=PRD.SOC1.CMN.PC05.CDPLIB0
IEB1014I TO PDS OUTDD=OUTDD VOL=MS1T02 DSN=TST.SOC1.CMN.PC05.CDPLIB0.D120129
IEB1099E *** IEBCOPY IS NOT APF AUTHORIZED ***
IEB151I JOB HAS TERMINATED WITH ERROR(S)
IEB147I END OF JOB - 8 WAS HIGHEST SEVERITY CODE |
|
| Back to top |
|
 |
dbzTHEdinosauer
Global Moderator
Joined: 20 Oct 2006
Posts: 6966
Location: porcelain throne
|
|
|
|
| did you per chance make the utility that you wrote APF authorized? |
|
| Back to top |
|
|
drowelf
Warnings : 1
New User
Joined: 03 Mar 2006
Posts: 47
Location: Simpsonville, SC
|
|
|
|
| dbzTHEdinosauer wrote: |
| did you per chance make the utility that you wrote APF authorized? |
Its written in REXX, so do I need to do this? and if so how does one? |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
any reason not to use DFDSS (ADRDSSU) with something like
| Code: |
| DUMP ... INCLUDE( <your dataset list>) ... |
otherwise check with Your support if the IKJTSOxx being used contains something along the lines of
| Code: |
AUTHPGM NAMES( /* AUTHORIZED PROGRAMS */ +
IEBCOPY /* */ +
IEHMOVE) /* */ |
and
| Code: |
AUTHTSF NAMES( /* PROGRAMS TO BE AUTHORIZED */ +
/* WHEN CALLED THROUGH THE TSO */ +
/* SERVICE FACILITY. */ +
IEBCOPY /* */ +
IKJEFF76) /* */ |
|
|
| Back to top |
|
|
drowelf
Warnings : 1
New User
Joined: 03 Mar 2006
Posts: 47
Location: Simpsonville, SC
|
|
|
|
I asked about that originally and ADRDSSU is not a viable option as they want to be able to utilize the data in the backups for comparison and other purposes.
I checked the IKJTSOxx member in SYS1.PARMLIB and IEBCOPY are in both the AUTHTSF and AUTHPGM lists. Its also in the AUTHCMD list too. |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
well... with the scarce info You posted the chances of getting any help are pretty slim ..
here anyway the results of a quick and dirty test
the jcl
| Code: |
****** ***************************** Top of Data ******************************
000001 //ENRICO1 JOB NOTIFY=&SYSUID,
000002 // REGION=0M,
000003 // MSGLEVEL=(1,1),CLASS=A,MSGCLASS=X
000004 //*
000005 //IKJ EXEC PGM=IKJEFT01,PARM=IEBC
000006 //SYSPROC DD DISP=SHR,DSN=ENRICO.ISPF.EXEC
000007 //SYSPRINT DD SYSOUT=*
000008 //SYSTSPRT DD SYSOUT=*
000009 //SYSTSIN DD DUMMY
****** **************************** Bottom of Data **************************** |
the REXX script
| Code: |
EDIT ENRICO.ISPF.EXEC(IEBC) - 01.09 Columns 00001 00072
Command ===> Scroll ===> CSR
****** ***************************** Top of Data ******************************
000001 /*REXX */
000002 Trace "O"
000003 say $tsoex( "ALLOC FI(SYSUT1) DA('ENRICO.ISPF.JCL') SHR REUSE" )
000004 say $tsoex( "ALLOC FI(SYSUT2) DA('ENRICO.ISPF.JCL2') SHR REUSE" )
000005 say $tsoex( "ALLOC FI(SYSIN) DUMMY REUSE" )
000006 say $tsoex( "ALLOC FI(SYSPRINT) DUMMY REUSE" )
000007 say $tsoex( "CALL*(IEBCOPY)" )
000008 say $tsoex( "ALLOC FI(SYSPRINT) DA(*) REUSE" )
000009 say $tsoex( "FREE FI(SYSIN,SYSUT2,SYSUT1) " )
000010 Exit 0
000011
000012 /* */
000013 $tsoex:
000014 tso_0tr = trace("O")
000015 Address TSO arg(1)
000016 tso_0rc = rc
000017 trace value(tso_0tr)
000018 return tso_0rc
****** **************************** Bottom of Data **************************** |
tested and working!
( to see what happens during the IEBCOPY You might delete the ALLOC/FREE For SYSPRINT )
good luck |
|
| Back to top |
|
|
drowelf
Warnings : 1
New User
Joined: 03 Mar 2006
Posts: 47
Location: Simpsonville, SC
|
|
|
|
| enrico-sorichetti wrote: |
well... with the scarce info You posted the chances of getting any help are pretty slim ..
|
Scarce Info? What additional information would help? I've provided the JCL that executes this and the SYSPRINT Results. Would the actual REXX Exec help? |
|
| Back to top |
|
|
drowelf
Warnings : 1
New User
Joined: 03 Mar 2006
Posts: 47
Location: Simpsonville, SC
|
|
|
|
After looking at Enrico's previous post I went back and tried something.
Now if I call IEBCOPY via any of the following methods
| Code: |
Address LinkMvs "IEBCOPY"
Address AttachMvs "IEBCOPY"
Call "IEBCOPY"
|
Then I get the
IEB1099I *** IEBCOPY IS NOT APF AUTHORIZED ***
message.
But if I call it using the form
| Code: |
Address TSO "Call *(IEBCOPY)"
|
then is succeeds. Now my question is why? |
|
| Back to top |
|
|
Akatsukami
Global Moderator
Joined: 03 Oct 2009
Posts: 1787
Location: Bloomington, IL
|
|
|
|
| drowelf wrote: |
After looking at Enrico's previous post I went back and tried something.
Now if I call IEBCOPY via any of the following methods
| Code: |
Address LinkMvs "IEBCOPY"
Address AttachMvs "IEBCOPY"
Call "IEBCOPY"
|
Then I get the
IEB1099I *** IEBCOPY IS NOT APF AUTHORIZED ***
message.
But if I call it using the form
| Code: |
Address TSO "Call *(IEBCOPY)"
|
then is succeeds. Now my question is why? |
Do not CALL "FOO" and CALL*(FOO) refer to two different instances of FOO? |
|
| Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007
Posts: 10888
Location: italy
|
|
|
|
| Quote: |
| Do not CALL "FOO" and CALL*(FOO) refer to two different instances of FOO? |
well... quick and dirty comment
CALL <foo> is a rexx instruction/construct
CALL *(<foo>) is A TSO instruction/construct ( gives an error if coded without quotes
should be "CALL *(<foo>)"
IIRC for apf and parameter passing that' s a lot of difference |
|
| Back to top |
|
|
Pedro
Global Moderator
Joined: 01 Sep 2006
Posts: 2594
Location: Silicon Valley
|
|
|
|
| Quote: |
| then it succeeds. Now my question is why? |
Because of system integrity issues, you cannot have a non-APF program call an APF authorized program. Called programs inherit the parent's authorization. Having the rexx processor call IEBCOPY directly causes it to be executed as non-APF.
But apparently, rexx -> Adress TSO -> IEBCOPY works because the "IKJTSOxx member in SYS1.PARMLIB " processing is done. The other flavors of invoking it do not do this additional processing. |
|
| Back to top |
|
|
nevilh
Active User
Joined: 01 Sep 2006
Posts: 262
|
|
|
|
| Quote: |
Address LinkMvs "IEBCOPY"
Address AttachMvs "IEBCOPY"
Call "IEBCOPY"
|
This is documented in the REXX Reference manual
| Quote: |
TSO/E provides the LINK, LINKMVS, and LINKPGM host command environments
that let you link to unauthorized programs on the same task level.
TSO/E also provides the ATTACH, ATTCHMVS, and ATTCHPGM host command
environments that let you attach unauthorized programs on a different task
level. |
If you use Address TSO "Call *(IEBCOPY)"
You will use standard TSO interface and the parmlib settings mentioned by Enrico come into play |
|
| Back to top |
|
|
nevilh
Active User
Joined: 01 Sep 2006
Posts: 262
|
|
|
|
| A quick update, as of z/OS 1.13 IEBCOPY no longer needs to be APF authorised. If you can persuade your sysprogs to install 1.13 your problem will go away. |
|
| Back to top |
|
|
|
|
