Page 1 of 1

SDSF/Rexx security

PostPosted: Mon Mar 04, 2013 9:06 pm
by LasseH
My goal: Extracting sdsf sysout to put in a PDS

First Fetch all jobs in Held-queue and msgclass=H by this command
ISFPREFIX = 'LASSE'
ISFEXEC HH (DELAYED PREFIX JH_)

Result 1 hit.

Next, try to extract all DDNAMEs for that job by
ISFACT HH TOKEN('jh_token') PARM(NP ?) PREFIX JDS_)

Now to the problem
Running with my userid, everything OK
Running with other userid, no hit , and these messages:

3 messages in the ISFMSG2 stem
ISF776I Processing started for action 1 of 1.
ISF747E Action request rejected, row not found.
ISF767I Request completed.
0 messages in the ISFULOG stem

Assuming that the user don't have authority (if so, why doesn't SDSF tell me that)

The failing user can do this command in ISPF (SDSF)

The result for this user on QUERY command is
ACTION
DA
DEST
ENC
FINDLIM
H
I
INIT
INPUT
JC
JP
LINES
LOG
MAS
NODES
O
OWNER
PR
PREFIX
PUN
RDR
RES
SE
SO
ST
SYSID
SYSNAME
ULOG

and for WHO command
USERID=ABCDEF
PROC=REXX
TERMINAL=
GRPINDEX=2
GRPNAME=OPER
MVS=z/OS 01.12.00
JES=z/OS1.12
SDSF=HQX7770
ISPF=N/A
RMF/DA=NOTACC
SERVER=YES
SERVERNAME=SDSF
JESNAME=JES2
MEMBER=SYST
JESTYPE=JES2
SYSNAME=SYST
SYSPLEX=SYST
COMM=NOTAVAIL

Re: SDSF/Rexx security

PostPosted: Mon Mar 04, 2013 10:00 pm
by Robert Sample
Assuming that the user don't have authority (if so, why doesn't SDSF tell me that)
1. Why should SDSF tell you when it is the security package controlling access?
2. Security questinos need to go through your site security group -- any answers you get on this forum may be wrong or misleading since we do not know your site's set up and security policies.
3. Be aware that management penalties for NOT going through the security group for issues like you are dealing with can lead to repercussions up to and including termination of the employee for violation of site policy.

Re: SDSF/Rexx security

PostPosted: Wed Mar 06, 2013 6:21 pm
by LasseH
Opppps, Robert (global moderator!!!)

I don't want to be rude, but thanks for nothing.
My question wasn't about if I'm getting fired or not, (which probably is none of Your business)

I'm part of the "security group" and my problem was, if You have read my text, that one of MY userid's didn't work when running SDSF in batch (but it works, for both users, when doing the same in SDSF/ISPF.
I was only looking for someone who could lead me in right direction.
Hopefully I can get some help from somebody who wants to help people that are not perfect.
//Lasse

Re: SDSF/Rexx security

PostPosted: Wed Mar 06, 2013 6:42 pm
by BillyBoyo
If you don't want to be rude, why write that?

You didn't mention that you were "security" and it seemed perfectly reasonable that it would be the security package, rather than SDSF, who would "bounce" a security infringement.

Did you look up the message?

Explanation: A row token referencing a row that no longer exists was encountered during processing of an ISFACT command. The requested action is not performed.


What is different between you and your user on the QUERY and WHO?

Re: SDSF/Rexx security

PostPosted: Wed Mar 06, 2013 7:10 pm
by Robert Sample
In other words, YOU did not post complete information about the problem and the facts behind it, yet it became MY issue when I responded to what you posted. I think you either need to learn how to ask full, complete questions or stop asking questions on forums, then. And warnings about consequences are normal on this forum since it is fairly common for someone to ask how to bypass or otherwise avoid security on their site to do somehting.