Dezhi Systems support site

[steve-myers]

Over the past few days, the admins have revoked system access to a number of users because it appears they are attempting to damage the system. Normally these users would be deleted, but the admins feel it is just barely possible these users are doing something innocent. A revoked user can be brought back to the system; a deleted user and the user's datasets are gone for good.

The admins are seeing these messages --

Code: Select all

ICH408I USER(C111    ) GROUP(USERG02 ) NAME(CRAIG               )
  CATALOG.USERS8.UCAT CL(DATASET ) VOL(FAN003)
  INSUFFICIENT ACCESS AUTHORITY
  FROM CATALOG.** (G)
  ACCESS INTENT(ALTER  )  ACCESS ALLOWED(UPDATE )
IEC161I 040(056,006,IGG0CLFT)-002,C111,SYSUSER SYSUSER,SYS00084,,,
IEC161I CATALOG.USERS8.UCAT


There are two possible interpretations of the IEC161I message -

• It's a normal message for access not allowed.
• An unauthorized program is attempting to open a catalog as a dataset. If you don't know what is meant by that, you don't know enough to do anything useful with the catalog. If you do know what is meant by that, it still won't help you: the admins will not normally allow a user to insert an "authorized" program into the system, AND IBM has never disclosed in detail the format of catalog entries, so you cannot write a program to do anything useful.

ACCESS INTENT(ALTER ) does not mean what you might think it means. What it really means is an attempt is being made to change catalog attributes in some way. Normal catalog access issues such as adding new entries to a catalog or deleting catalog entries either through JCL or through most IDCAMS commands just require UPDATE catalog access, which everyone has to most catalogs.

If you believe you have done something innocent, let us know. If the admins believe you, your userid will be restored. Otherwise it will remain revoked until it is deleted for non-use.

[michel123]

hello all,

I wanted to connect this evening, because I return the machine for further certain supplements in COBOL with VSAM access, but I was the disagreeable surprise of see that my user access had been revoked. SYSPROG or Prino, can you give me access to Fandezhi, please? It was a great way for me to revise my knowledge, and now flies all!

Thanks.

Michel.

My Userid : PG8997

[steve-myers]

Your ID was revoked because it appeared it intended to damage the system. It will not be restored until you tell us what you actually intended to do, which you have not done. The admins have seen a growing number of these incidents, but they do not know if this is simple stupidity or if there is malice intended. The increase in volume seems to indicate malice.

Code: Select all

ICH408I USER(PG8997  ) GROUP(USERG01 ) NAME(V33PG07             )
  CATALOG.USERS6.UCAT CL(DATASET ) VOL(FAN003)
  INSUFFICIENT ACCESS AUTHORITY
  FROM CATALOG.** (G)
  ACCESS INTENT(ALTER  )  ACCESS ALLOWED(UPDATE )
IEC161I 040(056,006,IGG0CLFT)-002,PG8997,SYSUSER SYSUSER,NEWDD,,,
IEC161I CATALOG.USERS6.UCAT


I suggest you read the initial post for this topic with care.

[steve-myers]

Your ID has been reinstated; PRINO put in a good word for you. I still would like to know what you were doing.

[steve-myers]

KIMAN33 got caught 08 July. Prino captured the output for a job that got this problem. It looked like the JCL specified

//ADD DD DISP=OLD,DSN=KIMAN33(member)

The program then attempted to open the dataset, and that caused the error.

Since no harm resulted from this, and it appeared to be stupidity rather than malice, KIMAN33's ID has been restored.

[steve-myers]

DEZHIMF apparently opened a VTOC for output 09 July. The ID has been suspended until DEZHIMF comes forward and tells us

• How this feat was achieved
• Why this was done

The admins have reason to believe this user is associated with a training institute or corporation that is not authorized to use FDZ; the ID will be deleted very soon.

[mf_ch]

Hi All,
My ID TSO4472 is also revoked, I tried to create a table and it was showing -904 error, so I browsed few other users DB2 programs to see how their programs and JCLs are.
Could you please provide me TSO access back. Thanks! CH.

[prino]

Hi All,
My ID TSO4472 is also revoked, I tried to create a table and it was showing -904 error, so I browsed few other users DB2 programs to see how their programs and JCLs are.
Could you please provide me TSO access back. Thanks! CH.

UserID TSO4472 no longer exists.

As for browsing the data sets of others, have you ever thought about browsing some IBM manuals?

[steve-myers]

Ever hear the phrase, "the blind leading the blind?" Looking at other people's datasets is the rough equivalent.

Not only that, most mainframe users have an expectation of reasonable privacy. How would you feel if other people started looking at your data?

[mf_ch]

Hi Prino,
I do read the manuals, because i was not able to create my own table and work on that, got into curiosity on how others did that. So just browsed them.
If this ID is no longer longer exists, I will apply for a new one. Thanks for that update.

[michel123]

Hello Steve, hello Prino,

Thank you very much for allowing me to regain access to Dezhi system. This is the first time such a problem presents itself to me, and I can not find an explanation to the message transmitted on the Log. And not easy to remember, point by point, what I did this Tuesday, July 3. I logged on to see some commands under DSLIST: Find a List member, a Member of DSLIST, SRCHFOR DSLIST to search on a cross-reference in my library. I struggled to filter file names on the line Data Set Name. It is often useful to search a cross-reference during maintenance programs in company.

On the other side, I have started that day, no JCL. I've only done the consultation. My last search: find the members containing the word SCEERUN throughout my libraries.

I worked for quite some years in IT services (since 1991), on the MVS and DOS / VSE, as a programmer in Cobol, assembler 370 with DB2 and CICS. Over the past year, I am unemployed and your system has allowed me to regularly review my knowledge, and learn other things to deepen. My membership to your installation has been a real chance for me.

To return the following exchanges initiated by Steve, maybe I inadvertently made a b (browse) on my alias (PG8997) in 3.4? It's a shame not to understand the message IEC161I issued in the log. At least back to the command in error!

Prino thank you again.

Michel.