On Friday, 09/28/2007 at 10:34 EDT, [EMAIL PROTECTED] wrote: > To IPL the Non-RACF CP Nucleus, you'll need the SALIPL screen to select it - > which would require the Resident VM Guru to be present (to know how to run > SALIPL).
SHUTDOWN REIPL MODULE NORACF >That being the case, the production VM would be down, and the > "supervisor overhead" at that point would probably be very high ("When is it > going to be back up???") Auditablility would be moot at that point... there > would be enough people standing over your shoulder watching, you wouldn't get > away with much of anything :-) You can't (shouldn't?) prevent Operations from starting the non-RACF nuc. What you *should* do is ensure that you don't start Production operations by accident or overeagerness on that nuc. But auditability "moot"? Only if your management-approved security policy allows it. You want your "Get Out Of Jail Free" card; do not accept personal responsibility for running production without required auditing and access controls in place. Require direction of management, which must be enshrined in the security policy that you follow. It should say under what conditions such operations are allowed (preferred), or direct you to contact a Very Important Person to get a decision. Preferably in writing. But as Rob implies, if you are permitted to run without your ESM, be sure to test that configuration. I've watched systems go down in flames because no one knows the passwords in the directory (which are not necessarily the same as in your ESM), or minidisks do not have the needed passwords. No VSWITCH GRANTs. (Hint: When DIRMAINT and RACF are working together, the password in the source directory is randomized by DIRMAINT to prevent inadvertent disclosure of the password in clear-text.) Alan Altmark z/VM Development IBM Endicott