If you have a sandbox LPAR, change it to UACC(NONE) and WARNING and then IPL 
and logon.  The ICH408 messages in the log should tell you who needs various 
accesses that are not already provided.  (They will also show which tasks have 
no user assigned which is something else you would want to correct.)  Add those 
and repeat until there are no ICH408 messages.  Then revert to NOWARN and test 
again.

Alternately, clean out the SMF datasets, IPL and logon and then use MXG or one 
of the CBT SMF analysis tools to find out which jobs and tasks opened the 
dataset.  You may have to determine which users correspond to which tasks 
separately.

----- Original Message -----
From: "Juan Mautalen" <jgmauta...@yahoo.com.ar>
To: IBM-MAIN@bama.ua.edu
Sent: Friday, March 9, 2012 11:00:34 AM
Subject: VTAMLST - Who needs to read it

Hi:

We currently have our VTAMLST libraries protected with UACC(READ). IBM suggests 
UACC(NONE) for them (RACF Security Administrator Guide, appendix D - Security for 
system datasets). I want to make the change, but of course I know I must be 
extremely careful with this change. I need to detect all users needing read 
access to VTAMLST. Human users are not my problem, my worry is about non-human 
ones (users of system tasks, started tasks, etc.).

What users need read access of VTAMLST?
Does any userid associated with a VTAM application need to read VTAMLST?

Thanks in advance for your help,

Juan Mautalen 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
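
The WARNING-mode pass described in the reply at the top of this thread can be tallied with a short script. This is an added example, not code from either poster: it assumes the ICH408I text has been extracted from the log with console prefixes stripped, that the library is named SYS1.VTAMLST, and that tasks with no user assigned appear with a JOB(...) STEP(...) header instead of USER(...). All IDs and log lines are constructed.

```python
import re
from collections import defaultdict

# Constructed console-log extract (not from the thread); IDs are made up.
# Assumed layout: an ICH408I header line followed by its continuation lines.
SAMPLE_LOG = """\
ICH408I USER(NETMON1 ) GROUP(STCGRP  ) NAME(CONSTRUCTED TASK    )
  SYS1.VTAMLST CL(DATASET ) VOL(SYSRES)
  WARNING: INSUFFICIENT AUTHORITY - TEMPORARY ACCESS ALLOWED
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
ICH408I JOB(APPLTSK1) STEP(APPLTSK1)
  SYS1.VTAMLST CL(DATASET ) VOL(SYSRES)
  WARNING: INSUFFICIENT AUTHORITY - TEMPORARY ACCESS ALLOWED
  ACCESS INTENT(READ   )  ACCESS ALLOWED(NONE   )
ICH408I USER(OPER1   ) GROUP(OPS     ) NAME(CONSTRUCTED USER    )
  SYS1.PARMLIB CL(DATASET ) VOL(SYSRES)
  INSUFFICIENT AUTHORITY
  ACCESS INTENT(UPDATE )  ACCESS ALLOWED(READ   )
"""

HEADER = re.compile(r"ICH408I\s+(USER|JOB)\(\s*(\S+?)\s*\)")
RESOURCE = re.compile(r"^\s*(\S+)\s+CL\(\s*(\w+)\s*\)")
INTENT = re.compile(r"ACCESS INTENT\(\s*(\w+)\s*\)")

def parse_ich408(log_text):
    """Attach each continuation line to the ICH408I header that precedes it."""
    events, cur = [], None
    for line in log_text.splitlines():
        if (h := HEADER.search(line)):
            cur = {"kind": h.group(1), "id": h.group(2), "resource": None, "intent": None}
            events.append(cur)
        elif cur is not None:
            if cur["resource"] is None and (r := RESOURCE.match(line)):
                cur["resource"] = r.group(1)
            if (i := INTENT.search(line)):
                cur["intent"] = i.group(1)
    return events

def access_needed(log_text, dataset):
    """Return ({userid: {intents}}, {jobs with no user}) for one data set."""
    users, no_user = defaultdict(set), set()
    for e in parse_ich408(log_text):
        if e["resource"] != dataset:
            continue
        if e["kind"] == "USER":
            users[e["id"]].add(e["intent"])
        else:  # JOB(...) header: no user ID was associated with the task
            no_user.add(e["id"])
    return dict(users), no_user
```

Calling `access_needed(SAMPLE_LOG, "SYS1.VTAMLST")` gives the user IDs to permit and, separately, the job names that first need a user ID assigned.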
