At the previous shop they used sailpoint to replace most of the RACF team... just sayin
MS -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of John P. Baker Sent: Wednesday, May 22, 2019 2:07 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [E!] Re: Automatic Alias Creation CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe. ________________________________ Sasan, SailPoint IIQ can be customized to issue the IDCAMS DEFINE ALIAS and the IDCAMS DELETE ALIAS commands. The "CTSxxxxx" STCs will need to have the requisite "READ" access to resource ID "STGADMIN.IGG.DEFDEL.UALIAS" in resource class ID "FACILITY". John P. Baker -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Sasan Mirkhani Sent: Wednesday, May 22, 2019 2:03 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [E!] Re: Automatic Alias Creation That's actually what we've been doing for a long time. Our Sec admins use ISPF interface to make all RACF/TSO definitions. We will soon be using a new product to provision RACF IDs called Sailpoint IIQ. IIQ uses LDAP Server to provision RACF IDs and that will most likely be done by Helpdesk or other users who have little knowledge of RACF and TSO. We have to figure out a way to automate the ALIAS creation process when a RACF ID with TSO segment is defined but I'm not sure how we can do that yet. -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Carmen Vitullo Sent: May-22-19 1:56 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: [E!] Re: Automatic Alias Creation who is responsible for setting up the ID's? most places I've been its the security team that creates the ID' provides the access to resources and creates the alias's, that can be, and have been streamlined in a lot of places I worked, the SECADMIN's only need to run a REXX or CLIST, provide the ID to get started and that script creates all the required security, and creates the ALIAS for the ID Carmen Vitullo ----- Original Message ----- From: "Sasan Mirkhani" <sasan.mirkh...@intact.net> To: IBM-MAIN@LISTSERV.UA.EDU Sent: Wednesday, May 22, 2019 12:41:13 PM Subject: Automatic Alias Creation Hi list, We're currently provisioning RACF IDs using the Tivoli Directory Server (LDAP SDBM backend). For IDs that are defined with TSO segment we need to figure out a way to automatically create an ALIAS. What would be the best way to go about this? I've thought about doing it in our LOGON PROC, however that would require users to have UPDATE access to the master catalog which we would like to avoid. How else can we go about this? Thanks ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This message (including any attachments) is intended only for the use of the individual or entity to which it is addressed and may contain information that is non-public, proprietary, privileged, confidential, and exempt from disclosure under applicable law or may constitute as attorney work product. If you are not the intended recipient, you are hereby notified that any use, dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, notify us immediately by telephone and (i) destroy this message if a facsimile or (ii) delete this message immediately if this is an electronic communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
