Peter The latest APAR for the new sample and REXX is :
PH55420 Included is a starter set sequence of RACF commands to implement a simple SDSF security setup assuming three types of users : sysprogs, operators and general users. Also included is a REXX exec that takes SDSF “NTBL/NTBLENT” statements from ISFPRMxx and converts them to profile definitions for JESSPOOL resources. We find that the above is sufficient for most customers to get started. All SDSF presentations from Share and GSE can be found at the IBM education github : https://github.com/IBM/IBM-Z-zOS/tree/main/zOS-Education/ Checkout the 2.5 and 3.1 folders and look for the “SDSF Security – How does it work on z/OS 2.5+” slide deck. We also found that once customers understand what SDSF is doing under the covers for the various panels and actions, the migration makes much more sense. I hope the above is helpful Rob Scott Rocket Software From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Peter Sent: Sunday, December 3, 2023 4:09 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: zOSMF install - SDSF ISFPRMxx EXTERNAL EMAIL Well I was able to find a utility developed by rocket software ISFACR and it helped me to generate some commands which were required as part of my migration found that already my system had OPERCMDS enabled but other Classes were not activated. The generated command also deletes the existing OPERCMDS profile which I will skip and run others if it is required On Sun, Dec 3, 2023, 8:39 AM Peter <dbajava...@gmail.com<mailto:dbajava...@gmail.com>> wrote: > Hello Rob > > Thank you so much for your response > > Could you please point to your presentation on migrating off from ISFPRMXX > to RACF ? > > Fortunately our shop is very small and we don't have any archiving tool or > any automation tool. > > Peter > > On Sat, Dec 2, 2023, 9:55 PM Rob Scott > <rsc...@rocketsoftware.com<mailto:rsc...@rocketsoftware.com>> wrote: > >> Peter, >> >> Can I strongly suggest you instigate a project to activate OPERCMDS (and >> JESSPOOL if not already active). >> >> ISFPRMx just controls actions within SDSF and does not preclude any >> semi-capable programmer from writing code to issue operator commands (or >> access SYSOUT using the JES SSI). >> >> Starting with z/OS 2 5, SDSF no longer uses ISFPRMxx to control security >> as everything now only goes through SAF authority. We use the SDSF class >> for product controls, and also make OPERCMDS and JESSPOOL checks on the >> user's behalf when processing actions taken within the product. >> >> Please be aware that converting your systems to correctly use OPERCMDS >> and JESSPOOL can be a lengthy process, and you should allow many weeks for >> testing and validation. >> >> The OPERCMDS and JESSPOOL classes being activated can affect a broad >> range of other products including sysout archiving and automated operations. >> >> I do have some presentations about SDSF security and can point you in the >> right direction if you want. >> >> As a further note, the old ISFACR tool that was written 25+ years ago to >> aid in SAF security migration is showing its age a bit. We have some more >> recent (and much simpler) tools and processes now. >> >> Rob Scott >> Rocket Software >> >> Sent from Samsung Mobile on O2 >> Sent from Outlook for Android<https://aka.ms/AAb9ysg<https://aka.ms/AAb9ysg>> >> ________________________________ >> From: IBM Mainframe Discussion List >> <IBM-MAIN@LISTSERV.UA.EDU<mailto:IBM-MAIN@LISTSERV.UA.EDU>> on behalf >> of Peter <dbajava...@gmail.com<mailto:dbajava...@gmail.com>> >> Sent: Saturday, December 2, 2023 9:31:26 AM >> To: IBM-MAIN@LISTSERV.UA.EDU<mailto:IBM-MAIN@LISTSERV.UA.EDU> >> <IBM-MAIN@LISTSERV.UA.EDU<mailto:IBM-MAIN@LISTSERV.UA.EDU>> >> Subject: zOSMF install - SDSF ISFPRMxx >> >> EXTERNAL EMAIL >> >> >> >> >> >> Hello All >> >> Good morning >> >> I have planned to install zOSMF in our test LPAR. Our SDSF uses its own >> security features using ISFPRMXX and I can see zOSMF has its own IZUSEC >> jobs where it activates OPERCMDS class. We never activated OPERCMDS >> instead >> we manage using ISFPRMXX PARMLIB member. >> >> Is there anyone who have installed zOSMF with above scenario? >> >> Peter >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu<mailto:lists...@listserv.ua.edu> with >> the message: INFO IBM-MAIN >> >> >> ================================ >> Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA >> 02451 ? Main Office Toll Free Number: +1 855.577.4323 >> Contact Customer Support: >> https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport<https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport> >> Unsubscribe from Marketing Messages/Manage Your Subscription Preferences >> - >> http://www.rocketsoftware.com/manage-your-email-preferences<http://www.rocketsoftware.com/manage-your-email-preferences> >> Privacy Policy - >> http://www.rocketsoftware.com/company/legal/privacy-policy<http://www.rocketsoftware.com/company/legal/privacy-policy> >> ================================ >> >> This communication and any attachments may contain confidential >> information of Rocket Software, Inc. All unauthorized use, disclosure or >> distribution is prohibited. If you are not the intended recipient, please >> notify Rocket Software immediately and destroy all copies of this >> communication. Thank you. >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu<mailto:lists...@listserv.ua.edu> with >> the message: INFO IBM-MAIN >> > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu<mailto:lists...@listserv.ua.edu> with the message: INFO IBM-MAIN ================================ Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323 Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy ================================ This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
