Ditto here. I've worked in three banks in my career and in each one update access to any system library was allowed only to the MVS sysprogs, and their update access was logged and reported. Other sysprogs and the performance analyst/capacity planner(me) had read access and sent requests to the MVS sysprogs for updates. Any of the bank auditing groups (internal, independent, and/or governmental) would have had a hissy-fit if it had been set up any other way.
Tom Kelman Commerce Bank of Kansas City (816) 760-7632 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Mark Zelden Sent: Thursday, June 21, 2007 9:44 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: how to list LE options There are pros and cons like everything else. If you want or need tight security controls, then "on a need to know basis" is a good approach. You picked a bad example. I don't want to handcuff anyone to keep them from doing their jobs, but PARMLIB should definitely be UACC(NONE) except to the sysprogs who need to update it. The exception is other sysprogs who request updates when only a select number of sysprogs do the updates. In our shop, only the "MVS" guys are allowed to update PARMLIB(s), the CICS,DB2,MQ, WAS, etc. teams have read access and need to request updates through the "MVS" group. If you don't think that is proper... just ask any auditor. ;-) Do you really think the APF list should be published?! Seriously... have you ever been involved with a SAS70 audit? ***************************************************************************** If you wish to communicate securely with Commerce Bank and its affiliates, you must log into your account under Online Services at http://www.commercebank.com or use the Commerce Bank Secure Email Message Center at https://securemail.commercebank.com NOTICE: This electronic mail message and any attached files are confidential. The information is exclusively for the use of the individual or entity intended as the recipient. If you are not the intended recipient, any use, copying, printing, reviewing, retention, disclosure, distribution or forwarding of the message or any attached file is not authorized and is strictly prohibited. If you have received this electronic mail message in error, please advise the sender by reply electronic mail immediately and permanently delete the original transmission, any attachments and any copies of this message from your computer system. ***************************************************************************** ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html