Previous topic |
Next topic |
Contents |
Contact z/OS |
Library |
PDF
ICH408I z/OS Security Server RACF Messages and Codes SA23-2291-00 |
|
ICH408I INSUFFICIENT AUTHORITY TO syscall-name [CMD(subcommand)]
[: UNABLE TO PROCESS ACL] [: SECURITY LABEL FAILURE] ExplanationThis error occurs when RACF® detects an attempt to specify an z/OS UNIX function for which the user does not have authority. Syscall-name identifies the z/OS UNIX callable service that invoked RACF. Subcommand identifies the subcommand of syscall-name, where appropriate. If present, subcommand is either IPC_RMID or IPC_SET. The text ":UNABLE TO PROCESS ACL" is displayed if a file access check detected that an ACL exists for the file, but it cannot be retrieved. In this case, the "ACCESS INTENT ...ACCESS ALLOWED..." portion of ICH408I is not displayed. This most likely indicates that a release level mismatch exists among nodes in a SYSPLEX. For example, if an ACL is created for a file by an uplevel node, access attempts to this file from a downlevel node fails with this message text. Similarly, if an ACL is created for a file by an uplevel node, and the file system in which it resides is then mounted by a downlevel node, access attempts to this file fails with this message text. The text ": SECURITY LABEL FAILURE", is displayed if the user was running with an inappropriate security label, or the resource did not have a security label when one was required. When subcommand is present in the message, "SECLABEL" is displayed instead of "SECURITY LABEL". System actionRACF returns an error return code to the invoking system function, which returns an error return code to the application caller or causes the calling task to abend. See z/OS UNIX System Services Programming: Assembler Callable Services Reference to determine the action of the syscall functions. Programmer responseProvide appropriate information about the failure to the user of your program, based on the function invoked and the return codes received. If "UNABLE TO PROCESS ACL" is displayed, then you must upgrade all nodes in the sysplex to a level of code that supports ACLs. If you require immediate access to the file, try unmounting the file system from the current node, remounting it on an uplevel node, and accessing it from an uplevel node. If a security label failure is indicated, ensure that the resources accessed by your program have the correct security labels. Note:
|
Copyright IBM Corporation 1990, 2014
|