Remark: UPDATE to catalog is nothing dangerous: it means you're
allowed  to catalog/uncatalog datasets.

You allow your users to catalog someone else's data sets?
Try READ access, plus generic profiles covering the data sets that the
user should be messing with. The requirements for the various cases
are covered in the RACF documentation.

Sorry, Seymour, not true. The quote below is from a RACF manual, but briefly it says that to CREATE a catalog entry you must have UPDATE authority to the catalog PLUS authority to create the dataset. To manipulate or delete a catalog entry, you must have ALTER to either the dataset OR the catalog. So users must have UPDATE to the catalog contining their datsets, but they must also have authority to the dataset names to create the entries.

>From the RACF Security Admin Guide:

For cataloged data sets, creating, deleting, or renaming the data set involves access not only to the data set profile protecting the data set, but also to the catalog in which the data set is cataloged. In general, users need the following: O To add entries to the catalog, users need authority to create the data set as specified below and UPDATE authority to the catalog. O To delete entries from the catalog, users need ALTER authority to the protecting profile or to the catalog.
--
Bruce A. Black
Senior Software Developer for FDR
Innovation Data Processing 973-890-7300
personal: [EMAIL PROTECTED]
sales info: [EMAIL PROTECTED]
tech support: [EMAIL PROTECTED]
web: www.innovationdp.fdr.com

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to