No single DATASET profile is not a problem, the problem is to automatically update the list of APF libraries in RACF. In fact, you propose an additional check for updating APF libraries just because they are APFed. Some kind of wizard (no irony) checking the APF attribute dynamically. The same job can be done manually with a simple DSMON report which lists all the APF libraries. I would not pay for such a change. It could also be costly in terms of CPU and I/O. Last but not least, it does not exhaust the possible holes - there are LNKLST (usually run auth), LPA, exits, etc. Those object lists are easily available by a command and can be compared to RACF protection.

BTW: A RACF admin shouldn't be a dumb command issuer. His responsibility is to define/change the profiles as well as document the changes, as well as understand the changes (to know what ABC.DEF.APFLOAD is, etc.). In many cases the RACF admin creates the security policy (maybe he shouldn't, but he does), and decides who should have access to APF, LPA, etc.
--
Radoslaw Skorupka
Lodz, Poland

