On Friday, 01/21/2011 at 07:57 EST, Scott Rohling <scott.rohl...@gmail.com> wrote: > The best I can come up with here is that RACF OPERATIONS authority is somewhat > similar to LNKNOPAS.. is that what you mean?
Please be careful with OPERATIONS. It gives complete access to ANY resource in the system that is defined as OPER=YES in the RACF Class Descriptor Table (ICHRRCDX and ICHRRCDE). It is meant for things like backup/restore programs that may need access to any and all minidisks (and SFS files and directories, if you protect SFS with RACF). If sharing a RACF DB with z/OS, you are also giving the person access to all DASDVOLs. If I were to audit your system and find OPERATIONS authority assigned in lieu of access to a generic profile (say), I would rap your knuckles, once for each violation. (Plus an extra one just because I enjoy it. Bwaahahahaaaa!) Alan Altmark z/VM and Linux on System z Consultant IBM System Lab Services and Training ibm.com/systems/services/labservices office: 607.429.3323 alan_altm...@us.ibm.com IBM Endicott
