PuTTY - "User is not a surrogate of "VSAMSVCT"

madsanchez · Posted: Wed Nov 15, 2023 11:19 pm

Hi all, I'm looking for some insight on an issue our team ran into from a PuTTY user.

This team was in the process of getting setup for VSAM service in Production and getting an error from this particular user ID (let's call him U000000).

We looked at what group U000000 was in, and granted that group ALTER access to the data set profile VSAMSVCT.** in RACF. However, U000000 still received the same error.

We checked u000000 OMVS and home directory, and nothing looked out of the ordinary.

Any advice? [img][/img]

Pedro · Posted: Thu Nov 16, 2023 2:15 am

Message FSUM5027 explains it somewhat ok.

see: www.ibm.com/docs/en/zos/2.3.0?topic=messages-fsum5027

Summary is that you need a profile in the RACF SURROGATE class instead of the data set class. And grant permission to the user.

about surrogates: www.ibm.com/docs/en/sia?topic=ac-surrogate-user-id-2

vasanthz · Posted: Thu Nov 16, 2023 2:21 am

If I am not wrong,

The su -s - VSAMSVCT
switches the current user to VSAMSVCT. How would granting access to a dataset profile make the current user a surrogate user to VSAMSVCT?

I think you have to follow the steps here to setup VSAMSCVT as surrogate ID to U000000.
www.ibm.com/docs/en/sia?topic=ac-surrogate-user-id-2

madsanchez · Posted: Fri Nov 17, 2023 12:16 am

vasanthz · Posted: Fri Nov 17, 2023 1:21 am

spit balling here,

Have you checked if VSAMSCVT has an OMVS segment?

Pedro · Posted: Fri Nov 17, 2023 1:29 am

re: "We looked at what group U000000 was in"

Please confirm that your site has list-of-groups checking enabled.

For problem determination, consider permitting the user directly rather than the group.