IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace z/OS
Categories DFSMS Disk Storage SW Support
Created by Guest
Created on May 9, 2025

RELATED IDEAS

Ensure ICH408I message is issued for a data set RENAME when RACF denies authorisation.

If a RENAME macro is issued, for example by IEHPROGM, and the current user does not have sufficient access to the target data set, no ICH408I message is issued. Instead I received the following,
IGD17061I INSUFFICIENT SECURITY AUTHORIZATION FOR  492
DATA SET ADCD.TEST.DATA
ON VOLUME USER05 HISTORIC RETURN CODE IS 8
DIAGNOSTIC INFORMATION IS 04100800
IEC614I RENAME FAILED - RC 008, DIAGNOSTIC INFORMATION IS (04100800),  493
RENAME,USER05,ADCD.TEST.DATA
It took several of us quite a while to find out that this was a RACF access authorisation failure, as (presumably) the RACROUTE REQUEST=AUTH had the MSGSUPP=YES flag on. I found that the RACROUTE had been issued, by using zSecure Access Monitor.

In contrast if I tried to delete the data set with IEHPROGM using a SCRATCH statement the ICH408I message IS produced.

Please change the macro so that we see the ICH408I message?

Idea priority Medium
  • Guest
    Jul 28, 2025
    .RENAME uses LOG=NOFAIL on the RACF authority request in only one specific case where someone else has the old dataset open. In general, you cannot rename a data set whose name is the same as any data set that is allocated to another address space in the same system or in the scope of the SYSDSN enqueue. In this specific condition, the authority checking will be done without logging because we are trying to figure out if the user has authority to rename this dataset even though the data set name is in use. Almost always, if we could not get the SYSDSN ENQ on this data set name, the user does not have the authority to rename it when it is in use. This is not just a check to see if the user has authority to the dataset, but if the user also has authority to the facility class. Because most likely, the user will not have authority to rename a dataset in use by someone else, and the fact that the racf failure for this would not look like just an authorization failure to the dataset itself, we do not allow the logging of the message that would not be easy for the user to understand. Therefore, we give back the diag code of 04100800. This DIAG code can be found in DFSMS Diagnosis Guide as

    X'04' X'10' RACRET RACREAS Invoke RACF to check caller's authorization and
    rename the data set name in the profile. RACROUTE = DEFINE.

    More information can be found in the z/OS DFSMS Advanced Services guide: https://www.ibm.com/docs/en/zos/3.1.0?topic=gcr-renaming-data-set-that-might-be-in-use

    Because this design for RENAME is valid, and we do not wish to surface misleading RACF error messages, we are rejecting this Idea. The fact that the user doesn't have authorization can be found in the DIAG word from RENAME found in the IEC614I message.
    Reply

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.