Perryman, Brian wrote:
Hi folks
I have some RACF reports that show some users requesting ALTER access to some dataset catalogs, in some cases, even to the master catalog.
What circumstances would cause this? The highest level I would expect on a user catalog would be UPDATE, and on the master catalog I wouldn't expect to see anything but READ..?
Access checking to ICF catalogs is complex (or even weird).
ALTER to catalog for example can bypass normal dataset access checking:
having ALTER to catalog you can delete VSAM or SMS-managed datasets
despite DATASET class profiles.
Strong IBM suggestion is to avoid ALTER to catalogs.
Now, who needs what.
Everybody need READ to MCAT.
Folks allowed to create/delete datasets need UPDATE to proper UCAT, or
MCAT if no alias is for that HLQ.
Remark: UPDATE to catalog is nothing dangerous: it means you're allowed
to catalog/uncatalog datasets.
Storage administrators need *sometimes* ALTER to UCATs and MCAT. I'd
suggest another userid for that purpose, just to avoid "ooops" during
day-by-day ISPF navigation.
HTH
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
