Re: HSM AUTH DATABASEAUTHORITY
I don't have a system in front of me at the moment to verify, but I think that the authorised users are stored as record type U. The following command will verify if this is correct.

    HSEND FIXCDS U userid

If it is then the record can be removed with this command.

    HSEND FIXCDS U userid DELETE

Brian

On Sat, Aug 8, 2009 at 4:18 AM, Anthony Fletcher wrote:
> Thank you, the AUTH userid REVOKE was indeed actioned even though the
> message says IS NOT CHANGED
>
> regards,
> Anthony Fletcher - MNZCS
> Team Lead NZ SMM
> (AirNZ, Westpac NZ , TelstraClear NZ and NWM AU)
>
> IBM Global Technology Services
> Server Systems Operations
> Server Management Mainframe
> Global Services Delivery Australia and New Zealand
> NZ z/OS Software Program Manager
> z/OS Technical Lead A/NZ
>
> Ph: Direct +64 4 576 8142, tieline 61 929 8142, ITN
> *869298142, mobile +64 21 464 864, Fax +64 4 576 5808.
> Internet: flet...@nz1.ibm.com, Sametime: flet...@nz1.ibm.com
>
> "The biggest threat to effective communication is the belief that it has
> occurred"
> "Winners make commitments, Losers make promises"

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
Re: HSM AUTH DATABASEAUTHORITY
Thank you, the AUTH userid REVOKE was indeed actioned even though the message says IS NOT CHANGED

regards,
Anthony Fletcher - MNZCS
Team Lead NZ SMM
(AirNZ, Westpac NZ , TelstraClear NZ and NWM AU)

IBM Global Technology Services
Server Systems Operations
Server Management Mainframe
Global Services Delivery Australia and New Zealand
NZ z/OS Software Program Manager
z/OS Technical Lead A/NZ

Ph: Direct +64 4 576 8142, tieline 61 929 8142, ITN *869298142, mobile +64 21 464 864, Fax +64 4 576 5808.
Internet: flet...@nz1.ibm.com, Sametime: flet...@nz1.ibm.com

"The biggest threat to effective communication is the belief that it has occurred"
"Winners make commitments, Losers make promises"
Re: HSM AUTH DATABASEAUTHORITY
At some convenient time, such as just before or after a scheduled IPL, you could deactivate the FACILITY class in RACF, issue all the AUTH REVOKE commands, and reactivate the FACILITY class.

Alternately, add the REVOKE commands to ARCCMDxx and recycle HSM.

Or have one of the currently RACF authorized users issue the REVOKE commands. The manual says the update is performed even if it has no immediate effect while RACF protection is active.

In either case, I would keep at least one user ID authorized just in case RACF control should become ineffective for some reason.

-----Original Message-----
From: Anthony Fletcher
Sent: Thursday, August 06, 2009 9:48 PM
To: IBM-MAIN@bama.ua.edu
Subject: HSM AUTH DATABASEAUTHORITY

Does anyone know whether there is a way to delete old HSM AUTH records from the HSM data sets?

Removing the AUTH userid DBA(CONTROL) command from ARCCMDxx stops them being added, but they are still saved somewhere until deleted with the AUTH userid REVOKE command.

Since HSM started using RACF facility resources, any use of the AUTH command results in message ARC0180I user AUTHORIZATION IS NOT CHANGED.

This means if the HLIST USER command is issued, a list of userids is returned that is not the effective list. The list is preceded by the message ARC1700I DFSMSHSM COMMANDS ARE RACF PROTECTED but it is not clear that the list provided is ineffective.
HSM AUTH DATABASEAUTHORITY
Does anyone know whether there is a way to delete old HSM AUTH records from the HSM data sets?

Removing the AUTH userid DBA(CONTROL) command from ARCCMDxx stops them being added, but they are still saved somewhere until deleted with the AUTH userid REVOKE command.

Since HSM started using RACF facility resources, any use of the AUTH command results in message ARC0180I user AUTHORIZATION IS NOT CHANGED.

This means if the HLIST USER command is issued, a list of userids is returned that is not the effective list. The list is preceded by the message ARC1700I DFSMSHSM COMMANDS ARE RACF PROTECTED but it is not clear that the list provided is ineffective.