Running batch utility DDTRSLM to export a SQL plan receives error message:

DDTRS0015E GET_SQLN FAILED DSF COMMAND GETENTIT, RC: XTS.

z/OS

The XTS016 error indicates the user does not have external security access to perform the function:

USER NOT AUTHORIZED

Reason:

You attempted to perform a function for which you are not authorized in the external security product operating on your system.

Action:

Contact the person responsible for the security administration of your system for the appropriate change to your security profile.

The DTUTIL resource class is used to control access to Datadictionary facilities including DDTRSLM.

In RACF the class name is DT@TIL; in ACF2 it is DTU; in Top Secret it is DTUTIL.

The name of the resource class to use for DDTRSLM is cxxname.DD0nnnn.DDTRSLM  where nnnnn is the DBID of Datadictionary (002 by default).

For example, if using a cxxname of TESTCXX the resource name would be TESTCXX.DD00002.DDTRSLM

In RACF define the resource  like this: RDEF DT@TIL TESTCXX.DD00002.DDTRSLM UACC(NONE)

Then grant READ access to a user with a PERMIT command: PERMIT TESTCXX.DD00002.DDTRSLM CLASS(DT@TIL) ACCESS(READ) ID(userid)

The user also needs to be granted access to the Datadictionary entity using the resource class name of cxxname.DD0nnnn.table.stat.fnc

For example to grant access to all PLANs: 

RDEF DT@TIL TESTCXX.DD00002.PLN.**  UACC(NONE)

PERMIT TESTCXX.DD00002.PLN.** CLASS(DT@TIL) ACCESS(READ) ID(userid)

To grant access to all entities: 

RDEF DT@TIL TESTCXX.DD00002.**  UACC(NONE)

PERMIT TESTCXX.DD00002.** CLASS(DT@TIL) ACCESS(READ) ID(userid)

For more details about the different facilities and entities, see documentation sections Facilities Resource List and Entity-Type Resource List