On Tue, 26 Feb 2008 21:49:22 -0500, Farley, Peter x23353 <[EMAIL PROTECTED]> wrote:
>I agree with you about this type of "harmless" testing of authority to >access. However, given the god-like authority of auditors these days, >maybe it would be more helpful to you (and easier to get past the >auditors) to have an additional parameter to RACROUTE which said, in >effect, "Don't tell me about any violations. I don't care if you record >the attempted access in SMF, but don't bother telling me about it." > >I.E., suppress the message but go ahead and cut a record if you want to. > >Of course, that doesn't address the SMF noise issue for those who really >need to track attempted accesses to truly important resources to detect >actual hacking attempts. That's MSGSUPP=YES, which does not require APF authorization because it does not hide anything from the auditors. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html