A fallout of this thread is that we're looking to assign a new owner to profiles that cover the RACF data sets. I'd like something truly permanent. The RACF STC runs with user SYSRACF, which is a valid userid that no one could log on to. Does that seem reasonable? Then only someone with RACF SPECIAL could make profile changes.
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Robert S. Hansel (RSH) Sent: Wednesday, May 24, 2017 3:18 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: RACF Database Hi Skip, Point of clarification. IRRDBU00 no longer required UPDATE access with NOLOCKINPUT as of z/OS 2.2. Regards, Bob -----Original Message----- From: Robert S. Hansel (RSH) [mailto:r.han...@rshconsulting.com] Sent: Wednesday, May 24, 2017 6:07 AM To: 'IBM Mainframe Discussion List' Subject: RE:RACF Database Hi Skip, I very much doubt the security folks need UPDATE access. At one time, the database unload utility IRRDBU00 required UPDATE, but this is no longer the case if using PARM NOLOCKINPUT, and besides, they should only be creating unloads from an offline IRRUT200 copy of the database and not the live one. READ access to generate IRRUT200 copies is the most they should need. Other utilities that require UPDATE access, which I would not expect them to be using, are IRRMIN00 to apply template updates, IRRIRA00 for converting the database to the AIM structure, IRRUT400 to copy/reorg the database, and BLKUPD to repair the database. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com -----Original Message----- Date: Tue, 23 May 2017 21:57:21 +0000 From: Jesse 1 Robinson <jesse1.robin...@sce.com> Subject: Re: RACF Database So it turns out that the number of folks here with ALTER access to RACF data sets is way smaller than I expected. There are however several userids with UPDATE access; they seem to be mostly in the 'security management' department. Do the standard RACF utilities require UPDATE for housekeeping? . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
