RACF

Issue: User reported that the he is not able to Delete / Purge his held output in SDSF

User DONP001, a member of group DONGRP, whose name is DONP001, had INSUFFICIENT ACCESS AUTHORITY to resource JES2.CANCEL.BAT and MVS.MCSOPER.DONP001, which are in class OPERCMDS.

Below is the log generated on the MCS console/SDSF

ICH408I USER(DONP001 ) GROUP(DONPGRP ) NAME(DONP001)

JES2.CANCEL.BAT CL(OPERCMDS)

INSUFFICIENT ACCESS AUTHORITY

FROM JES2.** (G)

ACCESS INTENT(UPDATE ) ACCESS ALLOWED(NONE)

Also

ICH408I USER(DONP001 ) GROUP(DONPGRP ) NAME(DONP001 )

MVS.MCSOPER.DONP001 CL(OPERCMDS)

INSUFFICIENT ACCESS AUTHORITY

FROM MVS.MCSOPER.* (G)

ACCESS INTENT(READ ) ACCESS ALLOWED(NONE)

***

The access attempted by user DONP001 was UPDATE, but the access allowed by RACF was READ. Therefore, user DONP001 was denied access.

Resolution:

The RACF admin has to give appropriate access to the user DONP001 by following RACF command:

TSO PERMIT JES2.** CLASS(OPERCMDS) ID(DONP001) ACCESS(UPDATE)

TSO PERMIT MVS.MCSOPER.* CLASS(OPERCMDS) ID(DONP001) ACCESS(READ)