Software AG Community Discussion Forums


Forums - Categories
  Change Enhancement Forums
  Adabas
  Natural
  CentraSite
  Mainframe Integration
  webMethods
  Business Community
  Tamino
  Former Crossvision Products
  Entire System Management
  Implementation Forums
Top 5 Contributors
Most discussed topics
Most popular topics
  
 



 Forums OverviewForums Overview   phpBB FAQphpBB FAQ    SearchSearch    Agreement TermsAgreement Terms     RegisterRegister 
LoginLogin

Natural Related Products Community Forums


RJE JCL fails with numeric user id
 
Post new topic   Reply to topic   Quick reply   printer-friendly view    Community Forum Index -> Natural Related Products -> Com-plete
View previous topic :: View next topic
Author Message
Chris Walsh
Senior Member


Joined: 29 Aug 2005
Posts: 24
Country: United States
PostPosted: Thu Aug 03, 2006 11:31 pm    Post subject: RJE JCL fails with numeric user id
Users who submit jobs using NATRJE under Com-Plete are having their JCL kicked out with an error if the 1st position of their RACF User ID is not alphabetic. Confused

The error message is “IEF647I FIRST CHARACTER OF NAME NOT ALPHABETIC OR NOT NATIONAL IN THE USER FIELD ”

It appears that Com-Plete or RJE is automatically inserting a generated ACEE statement after the 1st job card. This only occurs under Com-Plete - not with CICS. The card looks like:

// PASSWORD=,USER=5AB,GROUP=A0BC

Can the ULSRRJE user exit be used to strip out this generated card? Has anyone coded this userexit to remove this line and would be willing to share the code? We don't have easy access to Assembler programmers to write one and sure would appreciate the code! Very Happy

If the user exit can not address this, can anyone offer a solution that does not involve assigning new user ids to hundreds of users?

Thanks in advance
Chris Walsh
Back to top
View user's profile
Wolfgang Winter


Moderator


Joined: 23 Mar 2005
Posts: 490
Country: Austria
PostPosted: Fri Aug 04, 2006 6:17 pm    Post subject: Re: RJE JCL fails with numeric user id
Nope, Chris, you will NOT get control in ULSRRJE to delete the USER= parm, you'll need to supply an "empty" USER= on the JOB (or a continuation) statement, or insert it by an ULSRRJE.
Back to top
View user's profile Visit poster's website
Ray Mullins
Senior Member


Joined: 30 Nov 2005
Posts: 24
Country: United States
PostPosted: Fri Aug 04, 2006 8:10 pm    Post subject: Re: RJE JCL fails with numeric user id
I've been contributing on the related SAG-L thread.

Why is a USER= being inserted? NPR doesn't do it. The SAF default if there is no USER= on the job card is to use the userid in the ACEE pointed to by TCBSENV or ASCBENV.

I remember a long time ago there were issues in this area, but nowadays there should be no need to insert a USER= in COM.

And NATRJE doesn't insert a USER= either.
Back to top
View user's profile
Chris Walsh
Senior Member


Joined: 29 Aug 2005
Posts: 24
Country: United States
PostPosted: Fri Aug 04, 2006 8:29 pm    Post subject: Re: RJE JCL fails with numeric user id
Ray, your original suspicion was correct. I heard back from Support that APPLYMOD=83 will suppress the credential card. The description threw us off the trail as it's listed as: "Don't keep Password for RJE"

Note that activating this applymod in RACF environments that require the user card will break NATRJE submissions. However in our environment, this is not a problem so problem solved!

They also mentioned that the 'extra credentials' are added as a combination of COM and RACF.

Thanks for all the help
Chris
Back to top
View user's profile
Wolfgang Winter


Moderator


Joined: 23 Mar 2005
Posts: 490
Country: Austria
PostPosted: Fri Aug 04, 2006 8:43 pm    Post subject: Re: RJE JCL fails with numeric user id
That's correct, AM 83 being ON suppresses insertion of all 3 parms (user, password, group).

With ACF2 and TOP-Secret the story is a bit different, as mentioned in the applymod description, essentially the ACEE pointer is being passed rather than the user / password.

Ray, this may indeed be of historic nature nowadays, back then if there was no USER on the JCL, the job would run with the authority of the user assigned to the COM-PLETE region, which usually is undesirable.
Back to top
View user's profile Visit poster's website
Ray Mullins
Senior Member


Joined: 30 Nov 2005
Posts: 24
Country: United States
PostPosted: Mon Aug 07, 2006 5:47 pm    Post subject: Re: RJE JCL fails with numeric user id
Wolfgang Winter wrote:
Ray, this may indeed be of historic nature nowadays, back then if there was no USER on the JCL, the job would run with the authority of the user assigned to the COM-PLETE region, which usually is undesirable.


Yes, this sounds like 4.3 or 4.4 days, when TCBSENV was not populated with the user's ACEE by COM. I think this changed in 4.4 or 4.5.

I remember documentation in one of the COM manuals specifically for TOP-SECRET and ACF2 that required you to change certain options so that TCBSENV was honoured. IIRC, RACF always honoured TCBSENV if set.

I do believe this is a security exposure nowadays; could you please ask Steffan K. if he can change it so that 83 is now set on always by default.

Grüße!
Back to top
View user's profile
Steffen Kuhnert


Moderator


Joined: 22 Mar 2005
Posts: 19
Country: Germany
PostPosted: Thu Apr 19, 2007 4:08 pm    Post subject: Re: RJE JCL fails with numeric user id
Thanks for the suggestion, Ray.
We'll remove the insertion of this continuation card in the next version (6.6).

Steffen
Back to top
View user's profile
Display posts from previous:   
Post new topic   Reply to topic   Quick reply   printer-friendly view    Community Forum Index -> Natural Related Products -> Com-plete All times are GMT + 1 Hour
Page 1 of 1

Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Powered by phpBB © 2001, 2003 phpBB Group