Hi Peter, You might also find my presentation on SDSF and RACF helpful, which I just posted on my website.
https://www.rshconsulting.com/RSHpres/RSH_Consulting__SDSF_and_RACF__November_2023.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -------------------------------------------------------------------------------- Upcoming RSH RACF Training - WebEx - RACF Level I Administration - DEC 4-8, 2023 - RACF Level II Administration - MAR 18-22, 2024 - RACF Level III Admin, Audit, & Compliance - APR 8-12, 2024 - RACF - Securing z/OS UNIX - FEB 26 - MAR 1, 2024 --------------------------------------------------------------------------------- -----Original Message----- Date: Sun, 3 Dec 2023 08:39:08 +0400 From: Peter <dbajava...@gmail.com> Subject: Re: zOSMF install - SDSF ISFPRMxx Hello Rob Thank you so much for your response Could you please point to your presentation on migrating off from ISFPRMXX to RACF ? Fortunately our shop is very small and we don't have any archiving tool or any automation tool. Peter On Sat, Dec 2, 2023, 9:55 PM Rob Scott <rsc...@rocketsoftware.com> wrote: > Peter, > > Can I strongly suggest you instigate a project to activate OPERCMDS (and > JESSPOOL if not already active). > > ISFPRMx just controls actions within SDSF and does not preclude any > semi-capable programmer from writing code to issue operator commands (or > access SYSOUT using the JES SSI). > > Starting with z/OS 2 5, SDSF no longer uses ISFPRMxx to control security > as everything now only goes through SAF authority. We use the SDSF class > for product controls, and also make OPERCMDS and JESSPOOL checks on the > user's behalf when processing actions taken within the product. > > Please be aware that converting your systems to correctly use OPERCMDS and > JESSPOOL can be a lengthy process, and you should allow many weeks for > testing and validation. > > The OPERCMDS and JESSPOOL classes being activated can affect a broad range > of other products including sysout archiving and automated operations. > > I do have some presentations about SDSF security and can point you in the > right direction if you want. > > As a further note, the old ISFACR tool that was written 25+ years ago to > aid in SAF security migration is showing its age a bit. We have some more > recent (and much simpler) tools and processes now. > > Rob Scott > Rocket Software > > Sent from Samsung Mobile on O2 > Sent from Outlook for Android<https://aka.ms/AAb9ysg> > ________________________________ > From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf > of Peter <dbajava...@gmail.com> > Sent: Saturday, December 2, 2023 9:31:26 AM > To: IBM-MAIN@LISTSERV.UA.EDU <IBM-MAIN@LISTSERV.UA.EDU> > Subject: zOSMF install - SDSF ISFPRMxx > > EXTERNAL EMAIL > > > > > > Hello All > > Good morning > > I have planned to install zOSMF in our test LPAR. Our SDSF uses its own > security features using ISFPRMXX and I can see zOSMF has its own IZUSEC > jobs where it activates OPERCMDS class. We never activated OPERCMDS instead > we manage using ISFPRMXX PARMLIB member. > > Is there anyone who have installed zOSMF with above scenario? > > Peter > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
