On Wed, 24 Aug 2005 07:30:51 -0500, Chase, John <[EMAIL PROTECTED]> wrote:

>> -----Original Message-----
>> From: IBM Mainframe Discussion List On Behalf Of Shane Ginnane
>>
>> Scott wrote on 24/08/2005 01:54:02 AM:
>> >
>> > Would a reIPL function/system command be a useful thing for z/OS?
>> > Perhaps:
>> >
>> > V XCF,SYSNAME,sysname,OFF,REIPL
>> >
>> > ...would do the standard VARY XCF OFF thing and then direct LPAR to
>> > reIPL the same load parms as last time?
>> >
>> > Thoughts?
>>
>> .... So long as it queried
>> the operator for confirmation similar to the V XCF,xyz,OFF.
>
>We'd add a requirement that the REIPL option itself be separately
>RACF-protected, e.g. via a unique FACILITY (or FACILITY-like) profile, with
>a default action of "not authorized" on SAF/RACF RC=4.  We'd also recommend
>that the REIPL option be "restrictable" by console type and address (e.g., a
>config option (in CONSOLxx?) REIPL(YES|NO) to allow limiting entry of the
>REIPL option to (a) specific console(s)), and a means in SDSF (or
>equivalent) to allow / deny entry of the REIPL option from a console
>session, again with a default of "deny".
>

Not that I'm against your proposal, but why do you feel you need extra
security beyond protecting V XCF,sysname,OFFLINE?  How much more damage
can you do beyond taking a system out of the sysplex (when you shouldn't
have done so to begin with) and requesting an IPL with the last
used parms? If the operator wasn't authorized for the REIPL operand what
would prevent him/her from re-ipling from the HMC (which presumably
someone issuing a V XCF,sysname,OFFLINE has access to).   Do your
operators issue the offline command but then need someone else to
re-ipl for them?  Can they only do it from certain full authority
consoles now?

Regards,

Mark
--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America and Farmers Insurance Group
mailto: [EMAIL PROTECTED]
Systems Programming expert at http://Search390.com/ateExperts/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html