Okay, my RACF is a little rusty, but isn't there a difference between a profile define as 'GIM.*' and one defined as 'GIM.**'? The IBM APAR advises to rdefine GIM.* (and echoed by Mark Z), but JC and Ed Jaffe are advising GIM.**.
Thanks in advance, Greg Shirey Ben E. Keith Co. -----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Chase, John Sent: Friday, May 14, 2010 6:36 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use > -----Original Message----- > From: IBM Mainframe Discussion List On Behalf Of Edward Jaffe > > Mark Zelden wrote: > > Not if you define only 1 profile as GIM.*. I suspect that will suffice for > > at least 95% of the shops out there. We've already discussed the > > unlikelihood of shops desiring to do something more granular like > > giving a certain set of users RECEIVE only (even though it could be done). > > > > That's exactly what we did last week: defined GIM.** with UACC(READ). For your kind of shop that's probably entirely appropriate. We defined GIM.** with UACC(NONE) and permitted our sysprog group to it with READ. It will probably stay that way until somebody figures out exactly what the risk is or was (or somebody "in the know" spills all the beans). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
