Brevity on my part has led to lack of clarity. My interpretation of "protecting ADRDSSU" was to build a profile in the program class, then selectively permit it to some trusted users. This approach is nonsense.
That which is illustrated below I am interpreting as "protecting the various different functions of ADRDSSU" by building profiles in RACF's facility class, then selectively permitting them to trusted users. This approach has merit. I promise to elaborate in the future. -----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Elardus Engelbrecht Sent: Tuesday, April 28, 2009 6:07 AM To: IBM-MAIN@bama.ua.edu Subject: Re: Using FTP to send loadlib Tony B. wrote: > Protecting ADRDSSSU is nonsense. Why? There are two ways to protect ADRDSSU in RACF: 1. PROGRAM CLASS 2. FACILITY CLASS profiles: Example: STGADMIN.ADR.STGADMIN.DUMP - To dump dsn without having READ access to datasets on condition you use ADMINISTRATOR keyword. Ted MacNEIL wrote: >ADRDSSU at least makes sense. Yup! Here I agree 100.00% with Ted. ;) Paul Gilmartin wrote: >Does ADRDSSU allow a programmer to dump data sets lacking READ access, or to dump a volume containing data sets to which the programmer lacks read access? Yes, but with correct FACILITY class profiles and ADMINISTRATOR keyword. For volumes you need DASDVOL class profiles. >If so, ADRDSSU sorely needs repair, perhaps by restricting the volume dump function and by preforming SAF checks for data set dumps. But a blanket restriction of all ADRDSSU function makes no sense. No repair is needed at all for this. Hope this clears up any misunderstandings. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.0.238 / Virus Database: 270.12.4/2082 - Release Date: 04/27/09 18:00:00 ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
