ISF024I USER acidname NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT

Article ID: 51114

Products

CA Cleanup, CA Top Secret, CA Top Secret - LDAP, CA Top Secret - VSE

Issue/Introduction



When an ACID is used to submit jobs that use SDSF in batch, the following message occurs and the job fails:
 
ISF024I USER acidname NOT AUTHORIZED TO SDSF, NO GROUP ASSIGNMENT.
 
The ACID has TSOAUTH(JCL) and TSOAUTH(OPER).
 
The ACID was added to the ISFPRMxx member and SDSF was recycled, but the ISF024I message still occurs.

What needs to be done to stop the ISF024I message from occurring? 

Environment

Release: TOPSEC00400-12.1-Top Secret-Security
Component:

Resolution

When SDSF runs in batch, it looks for an authorization that associates the user ID submitting the job with an SDSF GROUP, so having TSOAUTH(JCL) and/or TSOAUTH(OPER) is not enough. When using ISFPARMS, an NTBLENT entry for the ACID being used is required in the NTBL list. NTBLENT entries in an NTBL statement specify such things as user IDs, job names, and destination names to further qualify group membership and authority. The NTBL list is associated with an ISFGRP macro or GROUP statement. For example:
 
GROUP  NAME(GRUPNAMA),          
.                                
.                                
GROUP  ACTION(?..   ,            
.                                 
.                                
/********************/           
/* SYSTEM NTBL LIST      */      
/********************/           
NTBL NAME(name)                  
.                                
.                                
NTBLENT STRING(acidname),OFFSET(1)
 
where ‘acidname’ is the ACID receiving the ISF024I message.
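
As an added example (not Broadcom or IBM code), the Python below reads ISFPARMS statement text and reports which NTBL lists contain an NTBLENT entry matching a given ACID, which lets you confirm the entry is really present in the member before recycling SDSF. It assumes NTBLENT compares STRING against the user ID starting at OFFSET for the length of STRING, with no pattern characters, and that OFFSET defaults to 1; the list names and user IDs in the sample are constructed, and the link from a GROUP to its NTBL list is not checked.

```python
import re

# Constructed sample: list names and user IDs are made up for illustration.
SAMPLE_ISFPARMS = """\
/* SYSTEM NTBL LIST */
NTBL NAME(BATCHIDS)
  NTBLENT STRING(SDSFBAT1),OFFSET(1)
  NTBLENT STRING(PROD),OFFSET(1)
NTBL NAME(OPERIDS)
  NTBLENT STRING(OP),
          OFFSET(5)
"""

def statements(text):
    """Yield statements with comments removed and comma continuations joined."""
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)
    buf = ""
    for line in (l.strip() for l in text.splitlines()):
        if not line or set(line) <= {"."}:   # blank line or "." elision
            continue
        buf += line
        if not buf.endswith(","):
            yield buf
            buf = ""
    if buf:
        yield buf

def parse_ntbl(text):
    """Return {list name: [(string, offset), ...]} for every NTBL list."""
    lists, current = {}, None
    for stmt in statements(text):
        verb = stmt.split(None, 1)[0].upper()
        name = re.search(r"NAME\(([^)]+)\)", stmt, re.I)
        string = re.search(r"STRING\(([^)]+)\)", stmt, re.I)
        offset = re.search(r"OFFSET\((\d+)\)", stmt, re.I)
        if verb == "NTBL" and name:
            current = lists.setdefault(name.group(1).upper(), [])
        elif verb == "NTBLENT" and string and current is not None:
            # Assumption: OFFSET defaults to 1 when omitted.
            current.append((string.group(1).upper(), int(offset.group(1)) if offset else 1))
        else:
            current = None   # any other statement ends the current list
    return lists

def matching_lists(text, acid):
    """Names of NTBL lists with an entry that matches the ACID."""
    acid = acid.upper()
    # Assumption: compare STRING to the ID from OFFSET, for len(STRING).
    return sorted(n for n, ents in parse_ntbl(text).items()
                  if any(acid[o - 1:o - 1 + len(s)] == s for s, o in ents))
```

Under that comparison rule, a short STRING admits every user ID that carries it at that offset, so code the full ACID where only one ID should join the group.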