Created On:  28 June 2012

Problem:

The error message "Physical File Name not authorised" is reported on ESMAC while creating a Catalog. The error occurs when Security for AD/LDS is activated. The same catalog can be created without any issue when MFDS Internal Security is on. The files are on a remote drive.

Resolution:

If the RACF Class = PHYSFILE is deleted from the Enterprise Server Resources, the catalog can be created and the error message no longer appears. However, the aim is to restrict JES access to files, so it is necessary to know the syntax for entering the physical file path.

When a user with alter access to a DATASET class makes changes, the PHYSFILE class is checked for access rights before the changes are applied to the physical file. Changes are made only if the user has access rights to PHYSFILE.

Below is an example LDIF definition for PHYSFILE.

#########################
# RACF Class = PHYSFILE #
#########################
dn: CN=PHYSFILE,CN=Enterprise Server Resources,CN=Micro Focus,CN=RPIS,DC=mftesting,DC=com
changetype: add
objectClass: top
objectClass: container
description: JES Class for controlling access to physical files

#########################
# physical file MYFILE #
#########################
dn: CN=D\3A\\RPIS\\DATA\\MYFILE.DAT,CN=PHYSFILE,CN=Enterprise Server Resources,CN=Micro Focus,CN=RPIS,DC=mftesting,DC=com
changetype: add
objectClass: microfocus-MFDS-Resource
microfocus-MFDS-Resource-Class: PHYSFILE
microfocus-MFDS-Resource-ACE: allow:ALLUSER group:update
microfocus-MFDS-Resource-ACE: deny:*:execute
microfocus-MFDS-UID: mfuid

Take note of the following:

dn: CN=D\3A\\RPIS\\DATA\\MYFILE.DAT,CN=PHYSFILE,CN=Enterprise

Note that "\3A" is an escaped ":" character, and "\\" is an escaped "\" character. These escapes are necessary in LDIF files and also in any program that makes direct LDAP API calls.

This would set the ACL for the path "D:\RPIS\DATA\MYFILE.DAT".
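
Added example (not part of the original article and not Micro Focus code): a Python helper that applies the escapes described above to a Windows path and emits the LDIF record for a PHYSFILE rule. It goes slightly beyond the article by also escaping the other RFC 4514 special characters and base64-encoding non-ASCII DNs; the function names and the ACE shape check are assumptions, and BASE_DN is the article's sample tree.

```python
import base64
import re

# Sample tree from the article's LDIF; replace with your own base DN.
BASE_DN = ("CN=PHYSFILE,CN=Enterprise Server Resources,"
           "CN=Micro Focus,CN=RPIS,DC=mftesting,DC=com")
# Assumed ACE shape, inferred from the article's examples (allow|deny:who:what).
ACE_SHAPE = re.compile(r"^(allow|deny):[^:]+:[^:]+$")

def escape_rdn_value(path: str) -> str:
    """Escape a file path for use as the CN value of a PHYSFILE rule."""
    if "\x00" in path:
        raise ValueError("NUL is not valid in a file path")
    out = []
    for i, ch in enumerate(path):
        if ch == ":":
            out.append("\\3A")         # the article's escape for ":"
        elif ch in '\\,+";<>':
            out.append("\\" + ch)      # "\" -> "\\"; the rest per RFC 4514
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(path) - 1)):
            out.append("\\" + ch)      # leading "#", leading or trailing space
        else:
            out.append(ch)
    return "".join(out)

def unescape_rdn_value(value: str) -> str:
    """Recover the plain path from an escaped CN value, e.g. to audit rules."""
    def repl(m):  # "\XX" hex pair (single-byte only) or "\c" literal
        return chr(int(m.group(1), 16)) if m.group(1) else m.group(2)
    return re.sub(r"\\(?:([0-9A-Fa-f]{2})|(.))", repl, value)

def physfile_ldif(path: str, aces: list, uid: str = "mfuid") -> str:
    """Return an LDIF 'add' record for one PHYSFILE rule."""
    bad = [a for a in aces if not ACE_SHAPE.match(a)]
    if bad or not aces:
        raise ValueError(f"missing or malformed ACE: {bad}")
    dn = f"CN={escape_rdn_value(path)},{BASE_DN}"
    if dn.isascii():
        dn_line = f"dn: {dn}"
    else:  # RFC 2849: a non-ASCII value must be base64-encoded ("dn::")
        dn_line = "dn:: " + base64.b64encode(dn.encode("utf-8")).decode("ascii")
    lines = [dn_line, "changetype: add",
             "objectClass: microfocus-MFDS-Resource",
             "microfocus-MFDS-Resource-Class: PHYSFILE"]
    lines += [f"microfocus-MFDS-Resource-ACE: {a}" for a in aces]
    lines.append(f"microfocus-MFDS-UID: {uid}")
    return "\n".join(lines) + "\n"

if __name__ == "__main__":  # path and ACE are sample values from the article
    print(physfile_ldif(r"D:\RPIS\DATA\MYFILE.DAT", ["allow:*:read"]))
```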

If you're using a utility such as ADSIEdit, you should be able to create a new rule for a physical file path in the PHYSFILE class by following this procedure:

1. Navigate into the PHYSFILE LDAP container
2. Create a new object of type microfocus-MFDS-Resource
3. Set the cn attribute value to the path. Here you should not need to escape special characters, as ADSIEdit should do it for you. For example, you could set this to "C:\ProgramData\**".
4. Set the UID attribute value to anything, and the microfocus-MFDS-Resource-Class attribute value to "PHYSFILE". (These attributes are mandatory but not currently used.)
5. Click the More Attributes button, select microfocus-MFDS-Resource-ACL from the drop list, and enter an ACE in the Edit Attribute field (e.g. "allow:*:read"). Click Add.
6. Add more ACEs if desired and click OK.
7. Click Finish to create the rule.

Incident #2571296