No single DATASET profile is not a problem, the problem is to
automatically update the list of APF libraries in RACF.
In fact, you propose additional check for updating APF libraries just
because the are APFed. Some kind of wizard (no irony) checking APF
attrib dynamically. The same job can be done manually by simple DSMON
report which lists all the APF libraries. I would not pay for such
change. It could be also costly in terms of CPU and I/O. Last, but not
leat it does not exhaust possible holes - there are LNKLST (usually run
auth), LPA, exits, etc.
Those objects lists are easily available by a command and can be
compared to RACF protection.
BTW: RACF admin shouldn't be dumb command issuer. He's resonsibility is
to define/change the profiles as well as document the changes, as well
as understand the changes (to know what is ABC.DEF.APFLOAD, etc.).
In many cases RACF admin creates security policy (maybe he shouldn't but
he does), and decides who should have access to APF, LPA, etc.
--
Radoslaw Skorupka
Lodz, Poland
--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl
Sd Rejonowy dla m. st. Warszawy
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego,
nr rejestru przedsibiorców KRS 0000025237
NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym
BRE Banku SA bd w caoci opacone.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html