On Tue, May 17, 2016 at 9:41 AM, Mike Schwab <mike.a.sch...@gmail.com> wrote:
> Any ID that can grant privileges to another ID. > By the above definition, _every_ id in RACF which has TSO capability is an administrator. How? Suppose that I am BUBBA. I log into TSO. I issue the commands: ADDSD MY.DATASET UACC(NONE) PERMIT MY.DATASET ID(FRED) ACCESS(UPDATE) I have granted priviliges to another ID, therefore I am an Admin user. I would really hope that what the auditor might be satisfied with would be people who are RACF SPECIAL or GROUP-SPECIAL. Of course, many of the z/OS sysprogs on this list know how to make a joke of any security, short of encrypted data to which they don't have the key. -- The unfacts, did we have them, are too imprecisely few to warrant our certitude. Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN