On Thu, 17 Apr 2008 12:04:00 -0700, Edward Jaffe
<[EMAIL PROTECTED]> wrote:
>Mark Zelden wrote:
>> On Tue, 15 Apr 2008 18:12:56 -0700, Edward Jaffe
>> <[EMAIL PROTECTED]> wrote:
>>
>>
>>> Sheesh! I've never understood what some sysprog's think is so "secret"
>>> about the contents of parmlib. IMHO, UACC(NONE) for parmlib is more
>>> draconian paranoia than anything else. But, that's a discussion for
>>> another thread...
>>>
>>
>> I'm sure we've done this before. Auditors are paranoid ("need to know
basis").
>> Some passwords (JES2 NJE for example) may be kept in parmlib.
>>
>
>PARMLIB is similar to LNKLST in concept. It is a concatenation of
>libraries, specified via PARMLIB statements in the LOADxx member of
>IPLPARM, and accessed via the IEFPRMLB service.
>
Similar, but not the same in respect to this discussion. LNKLST (and
any other loadlib) can be set up with EXECUTE access only. That still
allows one to use it but they can't read the contents or copy it.
>LNKLST has three libraries that are always present on the concatenation.
>The only always-present library for PARMLIB is SYS1.PARMLIB on the IPL
>volume. If this library is not explicitly specified via PARMLIB
>statements, it is added by the system at the end of the concatenation.
>
>JES does not use PARMLIB. It reads its configuration parameters via a
>hard-wired DD statement in its JCL procedure. The specification looks like:
>
>For JES2:
>//HASPPARM DD DISP=SHR,DSN=any.data.set.name(memname)
>
>For JES3:
>//JES3IN DD DISP=SHR,DSN=any.data.set.name(memname)
>
Good point. But many shops keep their JES2 parms in one of the same
parmlibs as the system parmlib concatenation". In the past that was
much more common than today (from what I have seen).
Besides, I used JES2 parms only as an example. There could be
others (although I can't think of any off hand).
>
>Some system programmers like to elevate JES to the level of a BCP
>component by putting its configuration parameters into a library on the
>PARMLIB concatenation. That's fine. But, totally unnecessary. And, if
>some sort of password might be specified therein, arguably
>
Only inappropriate if parmlib has universal read access. :-)
(are we going in circles?)
I don't think it is "elevating JES" it is just a convenient place that system
parms are kept. It's also how IBM has distributed it's sample since ????
and still does. Look at SYS1.SHASSAMP(HASIPROC) and the JES2 init
and tuning. It can be changed as you said, but "it has always been
done that way" at many shops. I personally split it out at shops I've
been at because of size of the members (I also split the parms into
multiple members at the same time).
Anyway... you are preaching to the choir as far as I am concerned and
probably many others on this list. I am just playing devils advocate a
little. It's the auditors (including ours) that you would have to convince.
Yes, I checked and our PARMLIBs have UACC(NONE).
Regards,
Mark
--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America / Farmers Insurance Group - ZFUS G-ITO
mailto:[EMAIL PROTECTED]
z/OS Systems Programming expert at http://expertanswercenter.techtarget.com/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
