Re: TCP3C8A Operation not authorised

On 06-Mar-2014 11:13 -0800, Dave Boettcher wrote:

<<SNIP>> entered WRKFCNUSG FCNID(QIBM_QTMF*) - again a long list of
functions - What to look for? <<SNIP>>

In the list of Function Identifiers presented by Work with Function Usage (WRKFCNUSG), with the prefix of QIBM_QTMF_CLIENT, use the Option 5=Display to review if user profile name(s) are listed; most notably, the user profile name that exhibits the failure when the STRTCPFTP (FTP) request is made. Effectively, looking for a Function regarding the FTP client [per QTMFCLIE diagnosing the issue], that has been restricted to a specific [set of] user(s). If any users are listed under any of those Function IDs, then try to understand why the specific user would be properly restricted\denied access, according to the details presented [in each of the DSPFCNUSG outputs; effected by 5=Display].

Most notably, the QIBM_QTMF_CLIENT_REQ_0 which is the capability enabling "Initiate Session". That function is by default [authority], *ALLOWED, thus any user listed typically would be excluded\disallowed from the capability identified by that "Function ID", per the entry for the user profile showing "Usage=*DENIED" to override that default.

Using what was once called the iSeries Navigator [iNav] feature called Application Administration, is an alternate\graphical means to see the settings for those capabilities, contrasted with the command-line Work with Function Usage (WRKFCNUSG); as already alluded in other responses in this thread. Refer to the Redbooks document SG24-6321 at the download link for a graphic showing the drill-down; just search the PDF for the subject message:
Abstract: <http://www.redbooks.ibm.com/abstracts/SG246321.html>
Download: <http://www.redbooks.ibm.com/redbooks/pdfs/sg246321.pdf>