Anyone that has RACF special can give you the authority needed. If the
sysprog that is no longer there was the only person, that makes it
harder.

If you have a product (Omegamon, etc.) that can modify memory, you can
turn on the special bit in the ACEE for a user that is logged on, alter
your ID to have special, log the user off (to clear the temporary
special flag) and you're back in business. 

If you have update to an APF authorized library, you can write a program
to zap the ACEE.

RACF has a utility that will allow you to zap the data base, assuming
you have update to the DB.




Dennis Roach
GHG Corporation
Lockheed Martin Mission Services
Flight Design and Operations Contract
NASA/JSC

All opinions expressed by me are mine and may not agree with my employer
or any person, company, or thing, living or dead, on or near this or any
other planet, moon, asteroid, or other spatial object, natural or
manufactured, since the beginning of time.


> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Hal Merritt
> Sent: Wednesday, March 25, 2009 10:26 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: In trouble!
> 
> I'd agree that you are in quite a bit of trouble. If your system is
> indeed protected with RACF, then it's going to take quite a bit of
> effort. I'd avoid hacking (just trying things) or you could lose all
> access. Depending on what gets revoked, you can render the system
> unusable where it can't even IPL.
> 
> You might be better off posting on the RACF list:
> 
> Send an email to: lists...@listserv.uga.edu
> 
> In the body: subscribe racf-l My Name
> 
> The subject can be blank.
> 
> I suspect that the fastest way to recover may be to install a brand new
> system starting with an empty RACF database. Then, depending on how
> well the old system is secured*, you might be able to salvage much of
> the database content using the DBSYNC and password sync tools. It's
> going to be hard and risky.
> 
> Actually, the best way may be to engage IBM or Vanguard to come in and
> give you a hand.
> 
> *If the RACF databases are properly secured, then you may not have read
> access.
> 
> HTH and good luck.
> 
> 
> 
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
> Behalf Of Vernooy, C.P. - SPLXM
> Sent: Wednesday, March 25, 2009 2:55 AM
> To: IBM-MAIN@bama.ua.edu
> Subject: Re: In trouble!
> 
> 
> 
> "Miles" <miles....@gmail.com> wrote in message
> news:<e8f49062-f5ae-4c67-9961-c4f4315bc...@n7g2000prc.googlegroups.com>...
> > Hi all, Hope you can give me some pointers re the following...
> >
> > I'm a new sysprog at a small development shop running a z/800 and z/OS
> > 1.4. The previous sysprogs apparently did not leave any userid/password
> > to perform any MVS admin work. All I have is the standard HMC
> > userid/password (i.e. userid: SYSPROG). The system was installed using
> > AD/CD.
> >
> > I've explored the following:
> >
> > (1) Issue a RACF ALU command from the console. I get the following:
> > IRRV003I (#) YOU ARE NOT ALLOWED TO ISSUE THE ALTUSER COMMAND AS AN
> >              OPERATOR COMMAND.
> >
> > (2) I've tried the standard passwords for IBMUSER, P390 etc - they
> > appear to have been changed.
> >
> > (3) I noticed that IBMUSER exists in UADS. I tried STARTing a job
> > which contained TSO ACCOUNT/CHANGE commands, in a vain attempt to
> > reset the IBMUSER password. This failed because the console id (I
> > presume) does not have update access on SYS1.*.
> >
> > z/OS needs to be upgraded - to 1.7 then 1.10 (from what I understand)
> > - will this help me in any way (new UADS or something to do with RACF
> > perhaps)?
> >
> > Any advice would be appreciated.
> >
> > Please be gentle - I am relatively new at this.
> >
> > Thanks,
> > Manju
> >
> 
> Manju,
> I cannot help you with your question, but this newsgroup is a mirror of
> a list-server and that is where the majority of the IBM-MAIN population
> resides. See the information attached automagically at the bottom.
> 
> Kees.
> 
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html