IBM Mainframe Forum Index
 
Log In
 
IBM Mainframe Forum Index Mainframe: Search IBM Mainframe Forum: FAQ Register
 

PuTTY - "User is not a surrogate of "VSAMSVCT"


IBM Mainframe Forums -> IBM Tools
Post new topic   Reply to topic
View previous topic :: View next topic  
Author Message
madsanchez

New User


Joined: 27 Jul 2023
Posts: 8
Location: United States

PostPosted: Wed Nov 15, 2023 11:19 pm
Reply with quote

Hi all, I'm looking for some insight on an issue our team ran into from a PuTTY user.

This team was in the process of getting setup for VSAM service in Production and getting an error from this particular user ID (let's call him U000000).

We looked at what group U000000 was in, and granted that group ALTER access to the data set profile VSAMSVCT.** in RACF. However, U000000 still received the same error.

We checked u000000 OMVS and home directory, and nothing looked out of the ordinary.

Any advice? [img][/img]
Back to top
View user's profile Send private message
Pedro

Global Moderator


Joined: 01 Sep 2006
Posts: 2569
Location: Silicon Valley

PostPosted: Thu Nov 16, 2023 2:15 am
Reply with quote

Message FSUM5027 explains it somewhat ok.

see: www.ibm.com/docs/en/zos/2.3.0?topic=messages-fsum5027

Summary is that you need a profile in the RACF SURROGATE class instead of the data set class. And grant permission to the user.

about surrogates: www.ibm.com/docs/en/sia?topic=ac-surrogate-user-id-2
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1743
Location: Tirupur, India

PostPosted: Thu Nov 16, 2023 2:21 am
Reply with quote

If I am not wrong,

The su -s - VSAMSVCT
switches the current user to VSAMSVCT. How would granting access to a dataset profile make the current user a surrogate user to VSAMSVCT?

I think you have to follow the steps here to setup VSAMSCVT as surrogate ID to U000000.
www.ibm.com/docs/en/sia?topic=ac-surrogate-user-id-2
Back to top
View user's profile Send private message
madsanchez

New User


Joined: 27 Jul 2023
Posts: 8
Location: United States

PostPosted: Fri Nov 17, 2023 12:16 am
Reply with quote

Pedro wrote:
Message FSUM5027 explains it somewhat ok.

see: www.ibm.com/docs/en/zos/2.3.0?topic=messages-fsum5027

Summary is that you need a profile in the RACF SURROGATE class instead of the data set class. And grant permission to the user.

about surrogates: www.ibm.com/docs/en/sia?topic=ac-surrogate-user-id-2



We tried that yesterday afternoon. We added U000000's group profile (lets call it group ABC#123) to Class Surrogate of BPX.SRV.VSAMSVC* and gave them READ access.

We also added group ABC#123 ALTER access to dataset profile VSAMSVCT.**

A part of me wonders if this is a user error on behalf of the PuTTY user? Because we defined the correct SURROGAT profile (at least I think we did? lol)

This forum posting gave me a little more context into that thought - www.ibmmainframeforum.com/mainframe-security/topic10013.html
Back to top
View user's profile Send private message
vasanthz

Global Moderator


Joined: 28 Aug 2007
Posts: 1743
Location: Tirupur, India

PostPosted: Fri Nov 17, 2023 1:21 am
Reply with quote

spit balling here,

Have you checked if VSAMSCVT has an OMVS segment?
Back to top
View user's profile Send private message
Pedro

Global Moderator


Joined: 01 Sep 2006
Posts: 2569
Location: Silicon Valley

PostPosted: Fri Nov 17, 2023 1:29 am
Reply with quote

re: "We looked at what group U000000 was in"

Please confirm that your site has list-of-groups checking enabled.

For problem determination, consider permitting the user directly rather than the group.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic View Bookmarks
All times are GMT + 6 Hours
Forum Index -> IBM Tools

 


Similar Topics
Topic Forum Replies
No new posts can an ISPF appl save user changes in... TSO/ISPF 14
No new posts COBOL 6.4 - User Defined Function nee... COBOL Programming 6
No new posts How to delete a user's alias from the... JCL & VSAM 11
No new posts user exit in IBM Infosphere Optim DB2 8
No new posts Running a Job with the Default User ID JCL & VSAM 2
Search our Forums:

Back to Top