On Sat, 7 Jul 2012 16:49:13 -0400, Scott Ford <scott_j_f...@yahoo.com> wrote:
>Joel, > >Hers the exact error: > > >11.51.03 STC00472 CSV025I PROGRAM CONTROLLED MODULE ADDUSER NOT ACCESSED, USE >11.51.03 STC00472 IEF196I CSV025I PROGRAM CONTROLLED MODULE ADDUSER NOT ACCES >11.51.03 STC00472 IEF196I UNAUTHORIZED >11.51.03 STC00472 CSV028I ABEND306-30 JOBNAME=RACF STEPNAME=RACF >11.51.03 STC00472 IEF196I CSV028I ABEND306-30 JOBNAME=RACF STEPNAME=RACF > That should indicate that they have not given the RACF subsystem address space access to whatever PROGRAM profile they have defined to control use of ADDUSER. And that they are not running the subsystem TRUSTED, which is always a good idea for recovery and availability purposes. Note that they should not use program control for ADDUSER, as there are adequate other controls in place, so they may have an overly broad PROGRAM generic, such as PROGRAM *, with an overly restrictive access list. It should have UACC(READ) or at a minimum ID(*) ACCESS(READ). That should be true, imho, even if they have "hardened" their system. And anyone who decides to "harden" a system certainly should have kept documentation about what they did, and why, with a good rationale for all the protections they've applied. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
