Getting message "CBDG903I Insufficient authority to process the request" when trying to activate a new IODF
The message description states that the authorization is not sufficient for the request.
What authorizations are required?
A request against one or more systems of the active Sysplex has been issued, but the authorization is not
sufficient to process the request.
The following authorizations must be defined within the OPERCMDS class:
o READ authority for MVS.DISPLAY.IOS resource in order to display the IOS configuration
o UPDATE authority for the MVS.ACTIVATE resource in order to activate an I/O configuration
or to reply to an active WTOR message.
The default SAFDEF for the OPERCMDS class is ignore with return code 4.
The IBM code is expecting a zero return code. Anything else is seen as a violation.
Therefore, you will need to activate OPERCMDS and write rules.
INSERT SAFDEF.OPERCMDS ID(OPERCMDS) MODE(GLOBAL) RCAROUTE(REQUEST=AUTH,CLASS=OPERCMDS)
The default TYPE code for OPERCMDS class is TYPE(SAF)
If you want to override this and use a different type you will need to add a clasmap as follows (in this example
we are mapping CLASS OPERCMDS to TYPE code OPR)
INSERT CLASMAP.OPERCMDS RESOURCE(OPERCMDS) RSRCTYPE(OPR)
You can then write a resource rule to allow users access to these resources
DISPLAY.IOS UID(allowed users uid) ALLOW SERVICE(READ)
ACTIVATE UID(allowed users uid) ALLOW SERVICE(UPDATE)