IOFTech    Maintenance   Release8G       Newsletters    Doc    FAQ    Contacts    Home    Webmaster

IOF Problem Resolution
Problem E01
Previous Next
Description The AT command (or the SERVER command) is REFUSED.
 
Background IOF requires that the local site authorize all users access to all IOF commands and functions. Section 28 of the IOF Installation Guide describes various methods of granting access to various IOF resources to users.


 

Solution The "AT" and "SERVER" commands require access to the "SYSTEM" resource. See section 28 of the IOF Installation Guide for a description of IOF authorization facilities. Specifically look at example #10 on page 95.


 

Information The IOF TRACE command is used to trace IOF access control processing. TRACE shows all ALLOW and LIMIT macros, and calls to the system security system (RACF, ACF2, TSS, etc).

TRACE output is written to a SYSOUT trace data set with DDNAME $IOFLOG$. Multiple TRACE commands can be issued on a single IOF session. Each TRACE sequence allocates a new $IOFLOG$ SYSOUT data set.

TRACE has several options. The most useful options are shown below.

Tracing Session Initialization.

The $IOFLOG$ trace data set is allocated. IOF group assignment is traced. The trace data shows why the user is assigned to a specific group, and why the user was not assigned to other groups. Eligible ALLOW and LIMIT macros are also listed. At trace completion, the trace is automatically disabled and the $IOFLOG$ sysout data set is browsed.

Syntax:

TRACE START

Tracing an IOF Command

IOF primary commands and line commands can be traced to determine exactly why access was either granted, or denied. Two TRACE commands are issued.

The first TRACE command allocates the $IOFLOG$ sysout data set and enables the function trace.

The second TRACE command disables the trace, frees the $IOFLOG$ data set, and browses the trace data set.

Each IOF ALLOW and LIMIT macro is shown in $IOFLOG$ along with a description of it's effect on the access control decision. Calls to the system security system are also traced. The resource name, class and return code from the security system are shown. This is normally sufficient information to show exactly why a command was permitted or denied.

It is recommended that only one or two commands be issued with the trace enabled. This makes interpreting the trace easier. To trace additional functions, enter multiple TRACE command pairs.

Syntax:

TRACE
...
one or more IOF primary or line commands
...
TRACE

Clist and Rexx Exec Tracing

A few IOF clist and Rexx execs can be traced. Enabling clist/exec tracing causes the detailed instructions to be listed on the screen.

Syntax:

TRACE EXEC
...
IOF command that invokes a clist or exec
...
TRACE EXECOFF
 
More Help Click here to EMAIL a problem report to IOF Technical Support for additional assistance.

 

Previous Next

Triangle Systems, Inc. PO Box 12752, Research Triangle Park, NC 27709
(919) 544-0090

IOFTech    Maintenance   Release8G       Newsletters    Doc    FAQ    Contacts    Home    Webmaster

Monday, 25-Jan-2016 13:45:38 EST
[an error occurred while processing this directive]

bauth itrace @@