Walt, The users: - test their changes by running jobs against read-only production files - view the files through CICS - view the files through TSO - run comparison jobs [both in Test and QA] against the files
The PERMIT-PROGRAM approach is how we envision to grant access through the subsystem while disallowing direct reads. Thanks a lot -Victor- On Fri, 24 Mar 2006 13:46:06 -0500, Walt Farrell <[EMAIL PROTECTED]> wrote: >Do your users access these files through specific applications? If so, >you could establish security rules that would allow the users to access >the data only when running those specific programs, and not when running >other programs of their own choosing. > >With RACF, for example, we call that processing Program Access to Data >Sets, and you set it up with a PERMIT command of the form > PERMIT 'data set profile name' ID(user or group) WHEN(PROGRAM(program >name)) ACCESS(READ) > >You'll have some additional work to do in setting up the program >controls, but this is the usual approach to problems like you describe, >other than using a DBMS-based solution. > > > Walt Farrell, CISSP > z/OS Security Design, IBM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html