SDSF/Rexx security



IBM's Command List programming language & Restructured Extended Executor

SDSF/Rexx security

Postby LasseH » Mon Mar 04, 2013 9:06 pm

My goal: Extracting sdsf sysout to put in a PDS

First Fetch all jobs in Held-queue and msgclass=H by this command
ISFPREFIX = 'LASSE'
ISFEXEC HH (DELAYED PREFIX JH_)

Result 1 hit.

Next, try to extract all DDNAMEs for that job by
ISFACT HH TOKEN('jh_token') PARM(NP ?) PREFIX JDS_)

Now to the problem
Running with my userid, everything OK
Running with other userid, no hit , and these messages:

3 messages in the ISFMSG2 stem
ISF776I Processing started for action 1 of 1.
ISF747E Action request rejected, row not found.
ISF767I Request completed.
0 messages in the ISFULOG stem

Assuming that the user don't have authority (if so, why doesn't SDSF tell me that)

The failing user can do this command in ISPF (SDSF)

The result for this user on QUERY command is
ACTION
DA
DEST
ENC
FINDLIM
H
I
INIT
INPUT
JC
JP
LINES
LOG
MAS
NODES
O
OWNER
PR
PREFIX
PUN
RDR
RES
SE
SO
ST
SYSID
SYSNAME
ULOG

and for WHO command
USERID=ABCDEF
PROC=REXX
TERMINAL=
GRPINDEX=2
GRPNAME=OPER
MVS=z/OS 01.12.00
JES=z/OS1.12
SDSF=HQX7770
ISPF=N/A
RMF/DA=NOTACC
SERVER=YES
SERVERNAME=SDSF
JESNAME=JES2
MEMBER=SYST
JESTYPE=JES2
SYSNAME=SYST
SYSPLEX=SYST
COMM=NOTAVAIL
LasseH
 
Posts: 50
Joined: Mon Nov 08, 2010 2:51 pm
Has thanked: 3 times
Been thanked: 1 time

Re: SDSF/Rexx security

 

Re: SDSF/Rexx security

Postby Robert Sample » Mon Mar 04, 2013 10:00 pm

Assuming that the user don't have authority (if so, why doesn't SDSF tell me that)
1. Why should SDSF tell you when it is the security package controlling access?
2. Security questinos need to go through your site security group -- any answers you get on this forum may be wrong or misleading since we do not know your site's set up and security policies.
3. Be aware that management penalties for NOT going through the security group for issues like you are dealing with can lead to repercussions up to and including termination of the employee for violation of site policy.
Robert Sample
Global moderator
 
Posts: 3367
Joined: Sat Dec 19, 2009 8:32 pm
Location: Dubuque, Iowa, USA
Has thanked: 1 time
Been thanked: 222 times

Re: SDSF/Rexx security

Postby LasseH » Wed Mar 06, 2013 6:21 pm

Opppps, Robert (global moderator!!!)

I don't want to be rude, but thanks for nothing.
My question wasn't about if I'm getting fired or not, (which probably is none of Your business)

I'm part of the "security group" and my problem was, if You have read my text, that one of MY userid's didn't work when running SDSF in batch (but it works, for both users, when doing the same in SDSF/ISPF.
I was only looking for someone who could lead me in right direction.
Hopefully I can get some help from somebody who wants to help people that are not perfect.
//Lasse
LasseH
 
Posts: 50
Joined: Mon Nov 08, 2010 2:51 pm
Has thanked: 3 times
Been thanked: 1 time

Re: SDSF/Rexx security

Postby BillyBoyo » Wed Mar 06, 2013 6:42 pm

If you don't want to be rude, why write that?

You didn't mention that you were "security" and it seemed perfectly reasonable that it would be the security package, rather than SDSF, who would "bounce" a security infringement.

Did you look up the message?

Explanation: A row token referencing a row that no longer exists was encountered during processing of an ISFACT command. The requested action is not performed.


What is different between you and your user on the QUERY and WHO?
BillyBoyo
Global moderator
 
Posts: 3804
Joined: Tue Jan 25, 2011 12:02 am
Has thanked: 22 times
Been thanked: 264 times

Re: SDSF/Rexx security

Postby Robert Sample » Wed Mar 06, 2013 7:10 pm

In other words, YOU did not post complete information about the problem and the facts behind it, yet it became MY issue when I responded to what you posted. I think you either need to learn how to ask full, complete questions or stop asking questions on forums, then. And warnings about consequences are normal on this forum since it is fairly common for someone to ask how to bypass or otherwise avoid security on their site to do somehting.
Robert Sample
Global moderator
 
Posts: 3367
Joined: Sat Dec 19, 2009 8:32 pm
Location: Dubuque, Iowa, USA
Has thanked: 1 time
Been thanked: 222 times


Return to CLIST & REXX

 


  • Related topics
    Replies
    Views
    Last post