If you don't want to or need to activate those classes, you can consider changing the health check to lower the severity.
- Don Imbriale On Fri, Feb 18, 2011 at 4:54 PM, Givens, Dennis W. < dennis.giv...@cnasurety.com> wrote: > Thanks. That is good information. > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On > Behalf Of zSeries Systems Programmer > Sent: Friday, February 18, 2011 3:50 PM > To: IBM-MAIN@bama.ua.edu > Subject: Re: RACF Resource Classes > > TAPEVOL class will have to be researched within your shop to make sure > you don't break something by mistake. If you wish to implement, you > can put in in warning mode and then see what is accessing. > > TEMPDSN is real straight forward and prevents jobs/users from > accessing someone elses TEMP datasets especially if there is and > ABEND. The one thing to be aware of if you put this in is make sure > you don't have any in flight data sets. If a job is running when you > turn on this resource, it could cause the job to fail with a RACF > error because it will no longer have access to its temp data that it > created with the resource off. > > On Friday, February 18, 2011, Skip Robinson <jo.skip.robin...@sce.com> > wrote: > > Whether or not to activate the TAPEVOL class is a business practice > > decision, not a technical one. We have never done so and most likely > never > > will because of changes that would be imposed on the client community for > > dubious benefit. Extensive use of generic profiles and our tape > > management software provide extra layers of protection that render > TAPEVOL > > less important. > > > > We also run without TEMPDSN, but I can't say why. > > > > > > . > > . > > JO.Skip Robinson > > SCE Infrastructure Technology Services > > Electric Dragon Team Paddler > > SHARE MVS Program Co-Manager > > 626-302-7535 Office > > 323-715-0595 Mobile > > jo.skip.robin...@sce.com > > > > > > > > From: "Givens, Dennis W." <dennis.giv...@cnasurety.com> > > To: IBM-MAIN@bama.ua.edu > > Date: 02/18/2011 12:25 PM > > Subject: RACF Resource Classes > > Sent by: IBM Mainframe Discussion List <IBM-MAIN@bama.ua.edu> > > > > > > > > I am working on the resolution of exceptions produced by the recently > > activated Health Checker feature on a Z/OS 1.10 system. > > Specifically the following 2 checks: > > > > CHECK(IBMRACF,RACF_TAPEVOL_ACTIVE) > > Check Severity: Medium > > IRRH229E The class TAPEVOL is not active. > > Explanation: The class is not active. IBM recommends that the > > security administrator at your > > installation activate this class and define in it the profiles to > properly > > protect your system. > > > > CHECK(IBMRACF,RACF_TEMPDSN_ACTIVE) > > Check Severity: Medium > > IRRH229E The class TEMPDSN is not active. > > Explanation: The class is not active. IBM recommends that the security > > administrator at your > > installation activate this class and define in it the profiles to > properly > > protect your system. > > > > I am contemplating activating both of these resource classes but have no > > immediate plans for using them in any profiles. > > My concern is that the activation of these classes will in itself cause > me > > problems. Any experiences or insight would be much appreciated. > > > > Signed A Novice RACF Administrator > > > > > > > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
