On Friday, 09/28/2007 at 10:34 EDT, [EMAIL PROTECTED] wrote:
> To IPL the Non-RACF CP Nucleus, you'll need the SALIPL screen to select
it -
> which would require the Resident VM Guru to be present (to know how to
run
> SALIPL).
SHUTDOWN REIPL MODULE NORACF
>That being the case, the production VM would be down, and the
> "supervisor overhead" at that point would probably be very high ("When
is it
> going to be back up???") Auditablility would be moot at that point...
there
> would be enough people standing over your shoulder watching, you
wouldn't get
> away with much of anything :-)
You can't (shouldn't?) prevent Operations from starting the non-RACF nuc.
What you *should* do is ensure that you don't start Production operations
by accident or overeagerness on that nuc.
But auditability "moot"? Only if your management-approved security policy
allows it. You want your "Get Out Of Jail Free" card; do not accept
personal responsibility for running production without required auditing
and access controls in place. Require direction of management, which must
be enshrined in the security policy that you follow. It should say under
what conditions such operations are allowed (preferred), or direct you to
contact a Very Important Person to get a decision. Preferably in writing.
But as Rob implies, if you are permitted to run without your ESM, be sure
to test that configuration. I've watched systems go down in flames
because no one knows the passwords in the directory (which are not
necessarily the same as in your ESM), or minidisks do not have the needed
passwords. No VSWITCH GRANTs. (Hint: When DIRMAINT and RACF are working
together, the password in the source directory is randomized by DIRMAINT
to prevent inadvertent disclosure of the password in clear-text.)
Alan Altmark
z/VM Development
IBM Endicott
