Jim Marshall wrote:
My Security folks are eager to have us implement something called "Dataset Name Hiding". This will hide dataset names from a user's view if they do not have the necessary security authority for these files. I am not sure of all the details as to what RACF permissions are needed "to see" a file.
See Walt Farrell's authoritative response.
Has anyone implemented or evaluate this (most likely) new feature. What were the effect of implementation. My sense is there might be an implication of more processor usage depending on what z/OS needs to do to check if a user may or may not see a line to be displayed on their screen. I believe this facility is within TSO with ISPF.
It's not _that_ new. It came out with z/OS 1.5. If you have this feature enabled, you will be calling the security product for _every_ data set name that would otherwise be displayed in any context (e.g., under ISPF 3.4). IBM has done everything it can to minimize the overhead. (The operative word here is "minimize".) Still ...
Just curious. How much of an exposure exists if a user knows the name of a data set [s]he can't open?
-- Edward E Jaffe Phoenix Software International, Inc 5200 W Century Blvd, Suite 800 Los Angeles, CA 90045 310-338-0400 x318 [EMAIL PROTECTED] http://www.phoenixsoftware.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
