RACF message ICH408I
For a complete description of RACF message ICH408I, see z/OS Security Server RACF Messages and Codes.
The first line of message ICH408I identifies a user who had an authorization problem. The other lines of the message describe the request the user was issuing and the reason for the failure.
ICH408I USER(JONES ) GROUP(DEPT60 ) NAME(M.M.JONES )
ICH408I FLA32 CL(FCICSFCT)
ICH408I INSUFFICIENT ACCESS AUTHORITY
ICH408I FROM F%A* (G)
ICH408I ACCESS INTENT(UPDATE ) ACCESS ALLOWED(READ )
User JONES, a member of group DEPT60, whose name is M.M.JONES, had INSUFFICIENT ACCESS AUTHORITY to resource FLA32, which is in class FCICSFCT.
Note: If the class shown is a resource group class, the profile might be in the class shown or in the related member class. For example, if GCICSTRN appears, check TCICSTRN also. If HCICSFCT appears, check FCICSFCT also. For a list of all the IBM®-supplied class names, see RACF classes for CICS resources. For a list of the installation-defined class names that are in use on your installation, see your RACF system programmer, or issue the SETROPTS LIST command.The RACF profile protecting the resource is F%A*.
(G)indicates that F%A* is a generic profile.The access attempted by user JONES was UPDATE, but the access allowed by RACF was READ. Therefore, user JONES was denied access.
DFHXS1111 26/09/95 15:34:01 CICSSYS1 Security violation by user JONES
at netname D2D1 for resource FLA32 in class
TCICSTRN. SAF codes are (X'00000008',X'00000000'). ESM codes
are (X'00000008',X'00000000').
The SAF and ESM codes come from RACROUTE REQUEST=AUTH.
In this profile, user JONES has an explicit entry in the access list. If the userid itself does not appear in the access list, check for one of JONES's connect groups. To list the groups to which JONES is connected, issue LISTUSER JONES Other specifications in the profile (such as security level or security category) might cause access to be denied. For a complete description, see the z/OS Security Server RACF Security Administrator's Guide.