Re: Short user description in sample CP directory
Thank you! Thank you! Thank you! The most beautiful and well written web page I ever saw. Should be required reading for everyone who ever allocates VM dasd. Alan Altmark wrote: By the way, the VTOC page is done. Please see http://www.vm.ibm.com/devpages/altmarka/vtoc.html for information about the VTOC on a CP-owned volume. Alan Altmark z/VM Development IBM Endicott -- Stephen Frazier Information Technology Unit Oklahoma Department of Corrections 3400 Martin Luther King Oklahoma City, Ok, 73111-4298 Tel.: (405) 425-2549 Fax: (405) 425-2554 Pager: (405) 690-1828 email: stevef%doc.state.ok.us
Short user description in sample CP directory
Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? I find that the number of predefined users (many SVM's) is growing more quickly than I can remember them (and I mostly forget the userids I don't use) Some users are selfexplanatory, others are not. Examples 5684042J SYSADMIN CBDIODSP The first one is obviously a product install user, but I can't remember these product numbers (5VMTCP40 is something userfriendly). To find out what they are used for, most of the time I link to their 191 to get a clue. (happily for me I've got an XEDIT prefix command to LINK,ACCESS, FILELIST and DETACH the MDISK wheer I enter the commend) I'd include the product ID in the short description. Yielding: USER 5684052J * 5684042J ICKDSF installation userid .. USER SYSADMIN * 5VMRAC40 RACF ? . USER CBDIODSP * 5VMHCD40 HCD ??? . -- Kris Buelens, IBM Belgium, VM customer support
Re: Short user description in sample CP directory
Excellent idea.. I just recently ran through the directory at a customer site, coming up with an explanation for the security folks of what the purpose of each IBM supplied user was. I took the same approach, linking to their 191, or searching through manuals to figure it out. Having a single line comment with a description would be a simple way to help keep things documented. Scott On Tue, Feb 10, 2009 at 7:11 AM, Kris Buelens kris.buel...@gmail.comwrote: Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? I find that the number of predefined users (many SVM's) is growing more quickly than I can remember them (and I mostly forget the userids I don't use) Some users are selfexplanatory, others are not. Examples 5684042J SYSADMIN CBDIODSP The first one is obviously a product install user, but I can't remember these product numbers (5VMTCP40 is something userfriendly). To find out what they are used for, most of the time I link to their 191 to get a clue. (happily for me I've got an XEDIT prefix command to LINK,ACCESS, FILELIST and DETACH the MDISK wheer I enter the commend) I'd include the product ID in the short description. Yielding: USER 5684052J * 5684042J ICKDSF installation userid .. USER SYSADMIN * 5VMRAC40 RACF ? . USER CBDIODSP * 5VMHCD40 HCD ??? . -- Kris Buelens, IBM Belgium, VM customer support
Re: Short user description in sample CP directory
It can be even better. DIRMAINT, IBM's directory management product had a feature that understood TAGs in comments in a directory entry. So you cou ld have real parsable data in these comments. USER 5699XXX NOLOG * PRODUCT: 5699-XXX * LEVEL: 5.3.42 * DESCRIPTION: This is some sort of product. SPOOL 0009 3215 T ... These TAGS are/were queryable, searchable, displayable. IBM should require them from ALL of their VM developers. /Tom Kern On Tue, 10 Feb 2009 07:20:46 -0700, Scott Rohling scott.rohl...@gmail.co m wrote: Excellent idea.. I just recently ran through the directory at a custom er site, coming up with an explanation for the security folks of what the purpose of each IBM supplied user was. I took the same approach, linkin g to their 191, or searching through manuals to figure it out. Having a single line comment with a description would be a simple way to help keep things documented. Scott
Re: Short user description in sample CP directory
Here is what I use; USER RSCS RSCS 32M 32M BG *NAME: ENABLED - RSCS FL530 USING SFS Scott R Wandschneider Senior Systems Programmer|| Infocrossing, a Wipro Company || 11707 Miracle Hills Drive, Omaha, NE, 68154-4457|| ': 402.963.8905 || Ë:847.849.7223 || :: scott.wandschnei...@infocrossing.com **Think Green - Please print responsibly** -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Kris Buelens Sent: Tuesday, February 10, 2009 8:11 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Short user description in sample CP directory Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? I find that the number of predefined users (many SVM's) is growing more quickly than I can remember them (and I mostly forget the userids I don't use) Some users are selfexplanatory, others are not. Examples 5684042J SYSADMIN CBDIODSP The first one is obviously a product install user, but I can't remember these product numbers (5VMTCP40 is something userfriendly). To find out what they are used for, most of the time I link to their 191 to get a clue. (happily for me I've got an XEDIT prefix command to LINK,ACCESS, FILELIST and DETACH the MDISK wheer I enter the commend) I'd include the product ID in the short description. Yielding: USER 5684052J * 5684042J ICKDSF installation userid .. USER SYSADMIN * 5VMRAC40 RACF ? . USER CBDIODSP * 5VMHCD40 HCD ??? . Confidentiality Note: This e-mail, including any attachment to it, may contain material that is confidential, proprietary, privileged and/or Protected Health Information, within the meaning of the regulations under the Health Insurance Portability Accountability Act as amended. If it is not clear that you are the intended recipient, you are hereby notified that you have received this transmittal in error, and any review, dissemination, distribution or copying of this e-mail, including any attachment to it, is strictly prohibited. If you have received this e-mail in error, please immediately return it to the sender and delete it from your system. Thank you. -- Kris Buelens, IBM Belgium, VM customer support
Re: Short user description in sample CP directory
On Tuesday, 02/10/2009 at 09:12 EST, Kris Buelens kris.buel...@gmail.com wrote: Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? Yes. (It was suggested here previously so that RACF initialization can associate a name/purpose with a user ID.) I have some concerns about storing metadata in comments in the directory, but I guess I can get over it. I prefer to have such data stored in the object directory where it can be interrogated, updated, and supported by a wide variety of Interested Parties. However, in the case of Sooner v. Later, more complex solutions always side with Later. Though maybe, with apologies to Voltaire, I shouldn't allow the Perfect to become the enemy of Good Enough? Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
Even though it was in my mind, I didn't dare asking for a full fledged solution: a comment record doesn't require extra coding. At my former customer's installation, the first record following USER had the name of the person (or role if SVM), and was indeed carried over to RACF as well. 2009/2/10 Alan Altmark alan_altm...@us.ibm.com: On Tuesday, 02/10/2009 at 09:12 EST, Kris Buelens kris.buel...@gmail.com wrote: Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? Yes. (It was suggested here previously so that RACF initialization can associate a name/purpose with a user ID.) I have some concerns about storing metadata in comments in the directory, but I guess I can get over it. I prefer to have such data stored in the object directory where it can be interrogated, updated, and supported by a wide variety of Interested Parties. However, in the case of Sooner v. Later, more complex solutions always side with Later. Though maybe, with apologies to Voltaire, I shouldn't allow the Perfect to become the enemy of Good Enough? Alan Altmark z/VM Development IBM Endicott -- Kris Buelens, IBM Belgium, VM customer support
Re: Short user description in sample CP directory
Would be nice if there was some consistent key like IBM Supplied or z/VM Component in the description. That way we can make a list from the new install and compare it to the list on the current system. That'd allow us to more easily identify ones that went away as well so we're not carrying them to infinity. Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Tuesday, February 10, 2009 7:42 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Short user description in sample CP directory On Tuesday, 02/10/2009 at 09:12 EST, Kris Buelens kris.buel...@gmail.com wrote: Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? Yes. (It was suggested here previously so that RACF initialization can associate a name/purpose with a user ID.) I have some concerns about storing metadata in comments in the directory, but I guess I can get over it. I prefer to have such data stored in the object directory where it can be interrogated, updated, and supported by a wide variety of Interested Parties. However, in the case of Sooner v. Later, more complex solutions always side with Later. Though maybe, with apologies to Voltaire, I shouldn't allow the Perfect to become the enemy of Good Enough? Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
We had that desire, too. So years ago I wrote an ADDUSER EXEC for our Security Admins (who have a strong z/OS RACF bias and rarely issues VM:Secure commands manually). Aside from the usual 'stuff' needed to enter a new userid, it included a record in one of the formats: *UI= lastname, firstname, EN= employee number or: *UI= ownerid, SVM usage Were I to do it again today, the format might be more along the lines of: *UI= userid, contactid, lastname, firstname, EN= employee number Including the actual userid in the record is redundant with the USER userid ... record above, but it is simpler to search in XEDIT without using a Pipe and juxtapose stage; just issue: ALL /*UI= / In the above wish list, 'contactid' would usually match the 'userid', except for service virtual machines. 'Contactid' gives a clue who to contact for an application svm. Installed product svms would probably have a 'contactid' of MAINT. Mike Walter Hewitt Associates Any opinions expressed herein are mine alone and do not necessarily represent the opinions or policies of Hewitt Associates. Kris Buelens kris.buel...@gmail.com Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/10/2009 10:19 AM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Short user description in sample CP directory Even though it was in my mind, I didn't dare asking for a full fledged solution: a comment record doesn't require extra coding. At my former customer's installation, the first record following USER had the name of the person (or role if SVM), and was indeed carried over to RACF as well. 2009/2/10 Alan Altmark alan_altm...@us.ibm.com: On Tuesday, 02/10/2009 at 09:12 EST, Kris Buelens kris.buel...@gmail.com wrote: Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? Yes. (It was suggested here previously so that RACF initialization can associate a name/purpose with a user ID.) I have some concerns about storing metadata in comments in the directory, but I guess I can get over it. I prefer to have such data stored in the object directory where it can be interrogated, updated, and supported by a wide variety of Interested Parties. However, in the case of Sooner v. Later, more complex solutions always side with Later. Though maybe, with apologies to Voltaire, I shouldn't allow the Perfect to become the enemy of Good Enough? Alan Altmark z/VM Development IBM Endicott -- Kris Buelens, IBM Belgium, VM customer support The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
Re: Short user description in sample CP directory
On Tuesday, 02/10/2009 at 11:38 EST, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote: Would be nice if there was some consistent key like IBM Supplied or z/VM Component in the description. That way we can make a list from the new install and compare it to the list on the current system. That'd allow us to more easily identify ones that went away as well so we're not carrying them to infinity. Being able to easily pick the, fly-, uh, droppings out of the pepper, as it were, is part of the justification for putting a owner/name/description with a user ID. - Who does this user ID belong to? - Is it an animal, vegetable, or mineral? (person, SVM, data repository) - What is it for? - Why does it need class C? - Is it required or optional? - How can I associate it with a unique identifier in my own business process? All with an eye to: - Ease directory migration from release to release - Avoid having to read 30 books to answer What's this for? - Making auditors/security people happier A simple comment in the directory may be able to achieve those objectives, but as a software designer it gives me the cold pricklies. Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
Oh, and while we are at it, how about some consistentcy in the ACCOUNT statement. Something that a pipe change all could fix. There's a wild variety of things in there today, if they do indeed have an account statement at all. Marcy This message may contain confidential and/or privileged information. If you are not the addressee or authorized to receive this for the addressee, you must not use, copy, disclose, or take any action based on this message or any information herein. If you have received this message in error, please advise the sender immediately by reply e-mail and delete this message. Thank you for your cooperation. -Original Message- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Tuesday, February 10, 2009 9:54 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: [IBMVM] Short user description in sample CP directory On Tuesday, 02/10/2009 at 11:38 EST, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote: Would be nice if there was some consistent key like IBM Supplied or z/VM Component in the description. That way we can make a list from the new install and compare it to the list on the current system. That'd allow us to more easily identify ones that went away as well so we're not carrying them to infinity. Being able to easily pick the, fly-, uh, droppings out of the pepper, as it were, is part of the justification for putting a owner/name/description with a user ID. - Who does this user ID belong to? - Is it an animal, vegetable, or mineral? (person, SVM, data repository) - What is it for? - Why does it need class C? - Is it required or optional? - How can I associate it with a unique identifier in my own business process? All with an eye to: - Ease directory migration from release to release - Avoid having to read 30 books to answer What's this for? - Making auditors/security people happier A simple comment in the directory may be able to achieve those objectives, but as a software designer it gives me the cold pricklies. Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
I prefer to have such data stored in the object directory where it can be interrogated, updated, and supported by a wide variety of Interested Parties Except Humans, of course. :) MA On Tue, Feb 10, 2009 at 10:41 AM, Alan Altmark alan_altm...@us.ibm.comwrote: On Tuesday, 02/10/2009 at 09:12 EST, Kris Buelens kris.buel...@gmail.com wrote: Has it been suggested already that the sample CP directory would contain, for each userid, a one sentence description? Yes. (It was suggested here previously so that RACF initialization can associate a name/purpose with a user ID.) I have some concerns about storing metadata in comments in the directory, but I guess I can get over it. I prefer to have such data stored in the object directory where it can be interrogated, updated, and supported by a wide variety of Interested Parties. However, in the case of Sooner v. Later, more complex solutions always side with Later. Though maybe, with apologies to Voltaire, I shouldn't allow the Perfect to become the enemy of Good Enough? Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
Alan, Would it at least be possible for the information contained in those 30 IBM manuals recording the various userids included by IBM in z/VM, be gathered into one manual? Say the Guide for Automated Installation and Service, which already has Appendix E: Contents of the z/VM System (or whereever you like). Would that result in warm fuzzies instead of cold pricklies? :-) On my system, each new userid gets a file on his A disk when created, containing his name, location, department and title. Sure, it could be erased, but its more accessible than the directory for someone trying to figure out whose id this is. Ron On Tue, Feb 10, 2009 at 11:54 AM, Alan Altmark alan_altm...@us.ibm.com wrote: On Tuesday, 02/10/2009 at 11:38 EST, Marcy Cortes marcy.d.cor...@wellsfargo.com wrote: Would be nice if there was some consistent key like IBM Supplied or z/VM Component in the description. That way we can make a list from the new install and compare it to the list on the current system. That'd allow us to more easily identify ones that went away as well so we're not carrying them to infinity. Being able to easily pick the, fly-, uh, droppings out of the pepper, as it were, is part of the justification for putting a owner/name/description with a user ID. - Who does this user ID belong to? - Is it an animal, vegetable, or mineral? (person, SVM, data repository) - What is it for? - Why does it need class C? - Is it required or optional? - How can I associate it with a unique identifier in my own business process? All with an eye to: - Ease directory migration from release to release - Avoid having to read 30 books to answer What's this for? - Making auditors/security people happier A simple comment in the directory may be able to achieve those objectives, but as a software designer it gives me the cold pricklies. Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
On Tuesday, 02/10/2009 at 01:18 EST, Ron Schmiedge ron.schmie...@gmail.com wrote: Would it at least be possible for the information contained in those 30 IBM manuals recording the various userids included by IBM in z/VM, be gathered into one manual? Say the Guide for Automated Installation and Service, which already has Appendix E: Contents of the z/VM System (or whereever you like). Would that result in warm fuzzies instead of cold pricklies? :-) Ew! How low-tech! ;-) I got burned a couple of decades ago by my attempt to document every CMS command so that application writers (!) would know if it were resident in the nucleus, ran in the user area, the transient area, or was a nucleus extension. On the positive side, I can say that the information was valid for *several* months! In a row, even! I would rather have a solution that doesn't depend on reading Yet Another Manual. Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
Alan, Okay. Although this is a manual I am already reading, not GC-YetAnother-09 :-) In the meantime, who will help me identify what those 91 IBM ids in my VM directory are for? Ron On Tue, Feb 10, 2009 at 4:10 PM, Alan Altmark alan_altm...@us.ibm.com wrote: On Tuesday, 02/10/2009 at 01:18 EST, Ron Schmiedge ron.schmie...@gmail.com wrote: Would it at least be possible for the information contained in those 30 IBM manuals recording the various userids included by IBM in z/VM, be gathered into one manual? Say the Guide for Automated Installation and Service, which already has Appendix E: Contents of the z/VM System (or where ever you like). Would that result in warm fuzzies instead of cold pricklies? :-) Ew! How low-tech! ;-) I got burned a couple of decades ago by my attempt to document every CMS command so that application writers (!) would know if it were resident in the nucleus, ran in the user area, the transient area, or was a nucleus extension. On the positive side, I can say that the information was valid for *several* months! In a row, even! I would rather have a solution that doesn't depend on reading Yet Another Manual. Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
If IBM as a software development team put all of that configuration information into some snazzy database (SQL/DS comes to mind), you could easily and automatically generate a manual or appendix that gives all of the current information for the customer as part of the the release documentation. You could even have some big letters saying that it only applies to Version x, Release y, Modification z. /Tom Kern /ITIL V3 training is making my head spin with crazy ideas. Alan Altmark wrote: On Tuesday, 02/10/2009 at 01:18 EST, Ron Schmiedge ron.schmie...@gmail.com wrote: Would it at least be possible for the information contained in those 30 IBM manuals recording the various userids included by IBM in z/VM, be gathered into one manual? Say the Guide for Automated Installation and Service, which already has Appendix E: Contents of the z/VM System (or whereever you like). Would that result in warm fuzzies instead of cold pricklies? :-) Ew! How low-tech! ;-) I got burned a couple of decades ago by my attempt to document every CMS command so that application writers (!) would know if it were resident in the nucleus, ran in the user area, the transient area, or was a nucleus extension. On the positive side, I can say that the information was valid for *several* months! In a row, even! I would rather have a solution that doesn't depend on reading Yet Another Manual. Alan Altmark z/VM Development IBM Endicott
Re: Short user description in sample CP directory
On Tuesday, 02/10/2009 at 05:27 EST, Ron Schmiedge ron.schmie...@gmail.com wrote: Okay. Although this is a manual I am already reading, not GC-YetAnother-09 :-) In the meantime, who will help me identify what those 91 IBM ids in my VM directory are for? I'm working on it. Hopefully I'll have it done this week and published on my web page. Also pending is cookbook information on X.509 certificate management. By the way, the VTOC page is done. Please see http://www.vm.ibm.com/devpages/altmarka/vtoc.html for information about the VTOC on a CP-owned volume. Alan Altmark z/VM Development IBM Endicott