Englebrecht: One of the issues (using RACF as an example) is that I can;'t trust the RACF person all the time. I have seen them bend to political pressure rather than arguing. I was never afraid to argue with politics. Once I got a RACF person I could trust he would fyi me if he was told to "do something" that we has set up to stop. The guy left and the person that replaced him was a racg person that couldn't say no to anyone so I spent 40 percent of my time figuring out what he was doing. That is part of the 100 hour work week I spent.
Another example we did not allow assembler programming so we turned off all access to sys1.maclib. I also put the assembler and its alias's in protested program status. That cut almost everyone except a consultant who brought a copy of ASM H but it didn't do any good as he couldm't get to sys1.maclib. He tried an end run on that and I caught him. He got kicked out on his keister. Ed ________________________________ From: Elardus Engelbrecht <[email protected]> To: [email protected] Sent: Sat, April 9, 2011 1:24:40 PM Subject: Re: How to start RMF Monitor III automatically after IPL the system. Ed Gould wrote: >Issuing commands is nasty and should be monitored quite a bit more closely in the production environment. I have seen two companies got bit by this. This why I disallow commands from anywhere but the console. Not a *bit* more closely, but a *LOT* more closely. Use RACF LOGOPTIONS ALWAYS for OPERCMDS class. Mark Zelden wrote: >You wouldn't allow automation to issue commands? You wouldn't allow operators or other authorized people to issue commands via SDSF or some other means? Each command has it own place to be issued. - Some are better placed in COMMNDxx, IEACMDxx, JES2 init statements. - Some commands like those MODIFY commands, can be issued from anywhere, SDSF, console, programs, etc. - Some commands are best left to automation software. (extreme example: cancel a cics when there are SMF overflows.) - Some (timed) commands are best used at our own IPL and shutdown procedures I wrote in Assembler. (versions of that were indeed discussed here in this thread...) We here generally limit access to users to issue system commands at all, except the DISPLAY commands. Some MODIFY commands we also disallow because they are used to SHUTDOWN database system. These MODIFY commands are the db's own version of P command. But then, some users are ALLOWED to CANCEL/STOP their own database(s), with the understanding the issuer will take the full responsibility and risks for it. I could go on and on defending both Ed and Mark positions, but you get the idea. ;) It is all about the best balance. (and I as RACF person can always take away or give access if there is a problem/need...) So each to his own. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
