The immediate goal is to enable a health check, but as Walt pointed out, the JES2 and/or RACF changes required may affect NJE processing in unintended ways. Yes we have NJE, but we're not prepared to take chances with current functionality until we learn more about possible consequences. For now we plan to disable the check as RSU maintenance rolls out.
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of R.S. Sent: Thursday, March 01, 2018 5:47 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Health Check JES_NJE_SECURITY W dniu 2018-02-28 o 20:38, Jesse 1 Robinson pisze: > APAR OA49171 introduces a new health check called JES_NJE_SECURITY . I > understand the motivation for it but I can't figure out how to satisfy the > check's requirements. There's plenty of write-up available, but there lots of > IFs and BUTs. Furthermore, there's reference to the &RACLNDE profile in the > RACFVARS class. We have class RACFVARS active, but it contains no profiles. > > I cannot find an example of how to create/update the &RACLNDE profile. Anyone > have a clue? In general you should keep in mind it's ONLY a healthcheck, some general rule of thumb, but your mileage may vary. For this case: 1. Do you have NJE? 2. Do you think your NJE configuration is secured properly? Can you check it with someone responsible for that? Now details: &RACLNDE may or may not be needed in your setup. Use of &RACLNDE may or may not be security hole. See RACF Security Guide and Walt's response. -- Radoslaw Skorupka Lodz, Poland ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
