I think the answer to the question "How do sites restrict access to compliers" Endevor or not, is that most don't.
For you particular question, remove the complier load libraries from all systems except the one(s) where their use is intended. Restrict access to the systems with compilers, such that the only access is via the intended pathways to the compliers. That is, no direct TSO/ISPF, FTP, or whatever. I agree with the others, this sounds like the unsound desires of an OCD control freak. Dave Gibney Information Technology Services Washington State University > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On Behalf Of Charles Mills > Sent: Tuesday, February 12, 2013 8:59 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: How do people lock down the compilers "inside" CA Endevor? > > You're right, but as I said earlier, my problem is that you don't win > friends as a vendor by arguing with the customers. > > Charles > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] > On > Behalf Of John Gilmore > Sent: Tuesday, February 12, 2013 7:19 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: How do people lock down the compilers "inside" CA Endevor? > > I agree with Gerhard. > > Control of write-access to critical production libraries is reasonable and > easily achieved using RACF or an equivalent. To go further is unwise for at > least three reasons. > > First, different people pursue development in different ways; and to attempt > to permit it to be done in only one, notionally canonical way is arrogant > and, in my experienvce at least, almost always retrograde. > It enshrines some manager's already obsolescent notions of how to do things > 'properly'. Some of the strongest objections to mainframes that I hear from > the young have to do not with mainframes themselves and not even with JCL. > They have to do with the bureaucratic encrustations---Too many rules!--- > that surround mainframe use. > > Second, as Gerhard has already pointed out, able people will defeat any > control mechanisms you put in place; and they will make a game of doing so. > > Third, such schemes encourage user groups to keep what are really > production > systems under their own private control. In two very large American banks > that I know of the daily B statement to the Federal Reserve is fired off by > an assistant treasurer sitting at a TSO terminal, triggering substantial, > crucial processing that the IT organization wots not of. > > In raising children it is useful to ask the question: Do I need to say no? > before one says it reflexively; and the same principle is useful in IT > management. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
