> -Original Message-
> From: IBM Mainframe Discussion List On Behalf Of Shmuel Metz (Seymour
J.)
>
> In , on
> 05/02/2010
>at 07:04 AM, "Robert S. Hansel (RSH)"
> said:
>
> >For datasets, the ICH408I message and associated SMF type 80 record
> >will show the Generic profile that was
In , on
05/02/2010
at 07:04 AM, "Robert S. Hansel (RSH)"
said:
>For datasets, the ICH408I message and associated SMF type 80 record
>will show the Generic profile that was guarding the resource at the
>time of the violation or warning.
What about the opposite situation; you want to find out
@bama.ua.edu
Subject: Re: RACF - Any way to find out before hand what the user's access
is to a file
On Sat, 1 May 2010 11:12:00 -0500, Tony wrote:
>
>1. rdef a surrogat profile USER1.submit and permit ourselves to it.
>2. run a batch job as user=USER1 that would attempt to alloca
>In those banking environments, did you protect or monitor the use of the
LISTDSD, RLIST, or SEARCH commands and their aliases?
I wasn't the security admin.
I was just aware of the policy and the potential 'exposure'.
Considering how obsessive most security personel are, I can assume what was
kn
MacNEIL
Subject: Re: RACF - Any way to find out before hand what the user's access
is to a file
>> wants away to check security.
Coming from a Banking background, I believe a user should not have the
ability to check beforehand.
That's a security exposure, because the user may
---
-Original Message-
Date:Sat, 1 May 2010 19:04:47 -0500
From:Paul Gilmartin
Subject: Re: RACF - Any way to find out before hand what the user's access
is to a file
On Sat, 1 May 2010 11:12:00 -0500, Tony wrote:
>
>1. rdef a surrogat profile USER1.submit and permit our
On Sat, 1 May 2010 11:12:00 -0500, Tony wrote:
>
>1. rdef a surrogat profile USER1.submit and permit ourselves to it.
>2. run a batch job as user=USER1 that would attempt to allocate
>HLQ1.NODE2.WHATEVER.TESTRACF.FILE.
>3. run another job to load a record into said file.
>4. run another job to dele
On Sat, 1 May 2010 17:02:39 -0400 Don Leahy wrote:
:>Some shops allow the use of an API to the security system in order to
:>allow applications to determine if a user has access to a resource or
:>not. This can be used to control application behaviour by limiting
:>the data displayed or the acti
>Some shops allow the use of an API to the security system in order to allow
>applications to determine if a user has access to a resource or not.
>This can be used to control application behaviour by limiting the data
>displayed or the actions available.
That is a different situation.
That is c
Some shops allow the use of an API to the security system in order to
allow applications to determine if a user has access to a resource or
not. This can be used to control application behaviour by limiting
the data displayed or the actions available.
To cite a trivial example, an application tha
, and the price is right.
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf
Of Joel C. Ewing
Sent: Saturday, May 01, 2010 7:46 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: RACF - Any way to find out before hand what the user's access
is to a
On Sat, 1 May 2010 13:01:24 +, Ted MacNEIL wrote:
>>> wants away to check security.
>
>Coming from a Banking background, I believe a user should not have the ability
>to check beforehand.
>That's a security exposure, because the user may find something that they
>normally wouldn't.
>
I was h
Who cares if there is decent logging in place.
I also have a banking background (amongst others), and there were situations
where I preferred not
to have code fail unnecessarily. Particularly exits that were checking using
some elses ACEE.
ISTR ACF2 made this more do-able than RACF. No news the
>> wants away to check security.
Coming from a Banking background, I believe a user should not have the ability
to check beforehand.
That's a security exposure, because the user may find something that they
normally wouldn't.
Also, don't blame it on out-sourcing.
I've seen incompetent in-house
On 04/30/2010 07:43 PM, Edward Jaffe wrote:
> Stocker, Herman wrote:
>> To answer the why needed question:
>> On occasion security has stated that access has been given only later
>> to find out that the incorrect access was granted or not granted at
>> all. Causing jobs to fail and time to be los
Stocker, Herman wrote:
To answer the why needed question:
On occasion security has stated that access has been given only later to find
out that the incorrect access was granted or not granted at all. Causing jobs
to fail and time to be lost, therefore the user wants away to check security.
IIRC, it is also a way to verify which profile is covering a file, so if the
SecAdmin said they changed it and it isn't working, you can confirm that the
correct profile was changed.
* Don *
On Fri, Apr 30, 2010 at 10:26 AM, Stocker, Herman <
herman.stoc...@avisbudget.com> wrote:
> Thank you for
Thank you for you fast response.
To answer the why needed question:
On occasion security has stated that access has been given only later to find
out that the incorrect access was granted or not granted at all. Causing jobs
to fail and time to be lost, therefore the user wants away to check sec
Rob Scott wrote:
>Remember that this will *not* take into account any logic in the RACF exits
(if any) that can upgrade/downgrade the user's access - plus there might be
volser-specific rules in effect as well.
I know. The OP asked for a command. My example also assumes there is a
GENERIC prof
On Fri, 30 Apr 2010 06:42:08 -0600 "Stocker, Herman"
wrote:
:>I have been asked if there is away for the user to find out what access they
have to a data set before they attempt to update or read it.
Well, they could ask the security guy.
The real issue is why do they need to know? Obviously,
A
Tel: +1.617.614.2305
Email: rsc...@rs.com
Web: www.rocketsoftware.com
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of
Elardus Engelbrecht
Sent: 30 April 2010 14:14
To: IBM-MAIN@bama.ua.edu
Subject: Re: RACF - Any way to find out before hand wha
Stocker, Herman wrote:
>I have been asked if there is away for the user to find out what access they
have to a data set before they attempt to update or read it.
>Is their any RACF command that a general user could use to find out the
type access they have to a data set?
Yes, let the general us
G'day,
I have been asked if there is away for the user to find out what access they
have to a data set before they attempt to update or read it.
Is their any RACF command that a general user could use to find out the type
access they have to a data set?
Thank you.
Regards,
Herman Stocker
The
23 matches
Mail list logo
