DFHAC2033 26/09/95 15:18:44 CICSSYS1 You are not authorized to use
transaction CEMT. Check that the transaction name is correct.
ICH408I USER(USR001 ) GROUP(GRP001 ) NAME(AUSER )
ICH408I CEMT CL(TCICSTRN)
ICH408I INSUFFICIENT ACCESS AUTHORITY
ICH408I ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
This message indicates that user USR001, whose name as recorded in the RACF user profile is AUSER, and whose current RACF connect group is GRP001, attempted to use the CEMT transaction. To do this, AUSER needs to have at least READ access to the profile protecting the CEMT transaction. However, RACF determined that AUSER had no access authority.
DFHXS1111 26/09/95 13:30:41 CICSSYS1 CEMT Security violation
by user USR001 at netname D2D1 for resource CEMT in class
TCICSTRN. SAF codes are (X'00000008',X'00000000'). ESM codes
are (X'00000008',X'00000000').
The following message is also
sent to the CSMT transient data queue:
DFHAC2003 26/09/95 15:18:44 CICSSYS1 Security violation has been
detected term id = D2D1, trans id = CEMT, userid = USR001.
It appears from the ICH408I message that profile CEMT in class TCICSTRN protects CEMT. However, this is not necessarily the case. A resource group profile (in class GCICSTRN) might protect CEMT. In fact, in this case, there is no profile named CEMT. If a system-SPECIAL or AUDITOR user issues the SEARCH command with CLASS(TCICSTRN) specified, no profile named CEMT would appear.
RLIST member-class resource-name RESGROUP
In this case, issue the following:
RLIST TCICSTRN CEMT RESGROUP
CLASS NAME
----- ----
TCICSTRN CEMT
GROUP CLASS NAME
----- ----- ----
GCICSTRN
RESOURCE GROUPS
-------- ------
CAT2
The profiles in class GCICSTRN that protect
CEMT are shown under RESOURCE GROUPS in the command output. In this case,
only one profile (CAT2) protects profile CEMT.RLIST GCICSTRN CAT2 AUTHUSER
RACF displays the following:
CLASS NAME
----- ----
GCICSTRN CAT2
MEMBER CLASS NAME
------ ----- ----
TCICSTRN
RESOURCES IN GROUP
--------- -- -----
CDBC
CDBI
CBRC
CEDA
CEMT
CETR
LEVEL OWNER UNIVERSAL ACCESS YOUR ACCESS WARNING
----- -------- ---------------- ----------- -------
⋮
NOTIFY
------
NO USER TO BE NOTIFIED
USER ACCESS ACCESS COUNT
---- ------ ------ -----
DEPTA ALTER 000000
USR001 NONE 000000
-------- ------- ------------ -------- --------------------------
NO ENTRIES IN CONDITIONAL ACCESS LIST