On Fri, 22 Jun 2007 16:27:40 +1000, Ken Brick <[EMAIL PROTECTED]> wrote:

>
>All valid many years ago but today with the ability to concatenate
>PARMLIB we, the system programmers, just need to put a little effort
>into segregating members into READ/NOREAD areas.  This will still not
>satisfy everyone, especially people like Peter Farley who, reading
>between the lines of many of his posts, is probably involved in
>applications tuning and probably has a real argument for a higher degree
>of read access to many members
>

That will work, but if he has a valid need the security product rules can
also be changed to allow him access. UACC is just a default. It doesn't mean
it's right for all or everyone in a particular group with similar job functions.
There can be exceptions. I myself have the AUDITOR attribute in RACF
to help diagnose problems that may be security related that aren't obvious.
But not all the "MVS" sysprogs have it. All AUDITOR does is give me READ
access to profiles and doesn't let me circumvent security in any way, but
every year during audit my manager and the security manager have to sign off
on the access and explain it.


Mark
--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America / Farmers Insurance Group:  G-ITO
mailto:[EMAIL PROTECTED]
z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/
Systems Programming expert at http://expertanswercenter.techtarget.com/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
