Re: RACF - CLASS(PROGRAM)

2009-06-07 Thread Walt Farrell
On Sat, 6 Jun 2009 19:12:35 +0200, R.S. wrote: >Walt Farrell pisze: >[...] >> I agree with the others that you really need to explore what your auditors >> are intending to accomplish, and provide some education to them. > >(This is semi off-topic, since it is - let's say - political issue.) >The

Re: RACF - CLASS(PROGRAM)

2009-06-06 Thread R.S.
Walt Farrell pisze: [...] I agree with the others that you really need to explore what your auditors are intending to accomplish, and provide some education to them. (This is semi off-topic, since it is - let's say - political issue.) The question is why should I educate auditors? Why should th

Re: RACF - CLASS(PROGRAM)

2009-06-05 Thread Walt Farrell
On Wed, 3 Jun 2009 13:22:26 -0500, Mark Baron wrote: >Does anyone know if there is a way, using CLASS(PROGRAM) in RACF (z/OS V1R8 >and higher) to define all accesses to a given program?? > >That is: > >RDEF PROGRAM(PGMNAME) UACC(NONE) ADDMEM(LIBNAME/VOLUME/NOPADCHK) > >will deny access to LIBNAME(

Re: RACF - CLASS(PROGRAM)

2009-06-04 Thread Rick Fochtman
value. That is, find an actual weakness and identify ways to mitigate that weakness. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Rick Fochtman Sent: Thursday, June 04, 2009 12:39 PM To: IBM-MAIN@bama.ua.edu Subject: Re: RACF - CLASS(

Re: RACF - CLASS(PROGRAM)

2009-06-04 Thread Hal Merritt
ctual weakness and identify ways to mitigate that weakness. -Original Message- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Rick Fochtman Sent: Thursday, June 04, 2009 12:39 PM To: IBM-MAIN@bama.ua.edu Subject: Re: RACF - CLASS(PROGRAM) You should expla

Re: RACF - CLASS(PROGRAM)

2009-06-04 Thread Rick Fochtman
You should explain to your auditors: anyoine can give any name they like to any program. The FUNCTION and CAPABILITIES of a program are FAR more important than the name. Is it APF authorized? is the loadlib APF authorized? Without proper authorization, with respect to z/OS rules, it's not very

Re: RACF - CLASS(PROGRAM)

2009-06-03 Thread Mark Baron
Rick - Your analysis is exactly correct - that is precisely what we have been asked to do (by the auditors). Thanks for confirming my suspicions. Mark -- For IBM-MAIN subscribe / signoff / archive access instructions, send ema

Re: RACF - CLASS(PROGRAM)

2009-06-03 Thread Rick Fochtman
-: Hi all - Does anyone know if there is a way, using CLASS(PROGRAM) in RACF (z/OS V1R8 and higher) to define all accesses to a given program?? That is: RDEF PROGRAM(PGMNAME) UACC(NONE) ADDMEM(LIBNAME/VOLUME/NOPADCHK) will

RACF - CLASS(PROGRAM)

2009-06-03 Thread Mark Baron
Hi all - Does anyone know if there is a way, using CLASS(PROGRAM) in RACF (z/OS V1R8 and higher) to define all accesses to a given program?? That is: RDEF PROGRAM(PGMNAME) UACC(NONE) ADDMEM(LIBNAME/VOLUME/NOPADCHK) will deny access to LIBNAME(PGMNAME) but only if LIBNAME is on VOLUME. Simi