I agree with Frank here. He's starting with a new z/OS system, albeit converting from VSE. He should not be encumbered by any of the baggage from pre RACF or any other "this is the way we had to do it last century".
Aside from logical job ownership controls and flexible job names, what other advice can we give him? Set up for multi-logon TSO from the start? Be prepared for Sysplex later even if monoplex now. Keep sandbox/test/development/production separate from the start? Others? Dave Gibney Information Technology Services Washington State University > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Frank Swarbrick > Sent: Monday, October 05, 2009 1:49 PM > To: [email protected] > Subject: Re: > > >>> On 10/5/2009 at 1:32 PM, in message <[email protected]>, > Rick Fochtman > <[email protected]> wrote: > > But you still need to prevent testers from submitting jobs with a > > production USERID. We used a TSO exit to remove USER/PASSWORD parms > from > > the JOB statement. Got a better idea? > > RACF seems to do this for us. I tried to submit a job using another > programmer's user ID and got this: > > $HASP100 MYJOB ON INTRDR FROM TSU08747 > FJS > ICH408I USER(RSG ) GROUP(APPPROG ) NAME(ROBIN GORDON ) 811 > SUBMITTER(FJS ) > LOGON/JOB INITIATION - SUBMITTER IS NOT AUTHORIZED BY USER > > I'm not going to try using the scheduler's user ID, but I would hope > something similar would occur! > > > Please remember: much of what I describe was developed before RACF > was > > able to filter job submission. > > For better or worse I am not familar with the pre-RACF world. So any > limitations that may be in place because of that world may strike me as > "silly", simply because I didn't have to deal with it. In any case, > since I don't live in that world I don't believe I should be limited by > its restrictions. That's what I'm getting at. > > Frank > > -- > > Frank Swarbrick > Applications Architect - Mainframe Applications Development > FirstBank Data Corporation - Lakewood, CO USA > P: 303-235-1403 > > > > > The information contained in this electronic communication and any > document attached hereto or transmitted herewith is confidential and > intended for the exclusive use of the individual or entity named above. > If the reader of this message is not the intended recipient or the > employee or agent responsible for delivering it to the intended > recipient, you are hereby notified that any examination, use, > dissemination, distribution or copying of this communication or any > part thereof is strictly prohibited. If you have received this > communication in error, please immediately notify the sender by reply > e-mail and destroy this communication. Thank you. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
