I've seen it in CICS, of course. Never in TSO. I rarely get into other
environments.
---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313
/* Let the righteous smite me in kindness and reprove me.
It is oil upon my head; do not let my head refuse it. -Psalms 141:5 */
-Original Messag
Peter,
Thank you for the explanation.
However I think the same "problem" exists with ID(*) and LNKLST.
Regarding undefined users - BATCHALLRACF should be enough. And AFAIR
NODES class could be set up to reject such jobs.
However it is still minor issue, IMHO - the job would use some
resources,
Mike,
I have normally been on the RACF-L list, however, since changing jobs last
year, I've had some problems with the e-mails from the list getting through to
my new e-mail address.
I, personally, have not seen work running without a valid RACF userid
associated with it, though I have been in
-8211
www.linkedin.com/in/roberthansel
www.rshconsulting.com
-Original Message-
Date:Tue, 25 Jun 2024 11:22:17 -0500
From:Mike Cairns
Subject: Re: Data Set Commander Monitor (DSCMON) Access Authority
Hi Peter,
Radoslaw and I probably spend more time over on the RACF_L list than here
Hi Peter,
Radoslaw and I probably spend more time over on the RACF_L list than here on
IBM-MAIN, but I still like to keep an eye open here.
The use of ID(*) ACCESS(READ) is well known among the RACF community as the
'preferred' option to UACC nowadays, and the reason you cite is indeed
mention
R.S.
One of the reasons to use ACCESS(READ) ID(*) and not UACC(READ) would be that
the first forces the user accessing the programs to actually be a racf userid.
I believe, that if you have a job, come across via NJE, it is possible that the
submitting system did not provide a userid, and woul
This is the way (one of few) to do this.
In other words HOW to do this.
However it doesn't answer WHY to do this.
I still don't know any *reasonable* justification for UACC(NONE) for
linklisted libraries.
--
Radoslaw Skorupka
Lodz, Poland
W dniu 23.06.2024 o 18:27, Mike Schwab pisze:
We did
un, 23 Jun 2024 14:15:53 +0200
From:Radoslaw Skorupka
Subject: Re: Data Set Commander Monitor (DSCMON) Access Authority
W dniu 23.06.2024 o 10:51, Mike Cairns pisze:
> No Bob - I meant UACC(READ) or its equivalent. I just don't see what gate is
> being closed by insisting that Link
We did UACC(WARN) and monitored to make sure somebody put RACF on it.
We eventually went to NONE.
On Sun, Jun 23, 2024 at 7:16 AM Radoslaw Skorupka
<0471ebeac275-dmarc-requ...@listserv.ua.edu> wrote:
>
> W dniu 23.06.2024 o 10:51, Mike Cairns pisze:
> > No Bob - I meant UACC(READ) or its equiv
W dniu 23.06.2024 o 10:51, Mike Cairns pisze:
No Bob - I meant UACC(READ) or its equivalent. I just don't see what gate is
being closed by insisting that LinkList or LPA libraries must have UACC(NONE),
when, as you confirm, they cannot be fetch protected and therefore the content
is available
No Bob - I meant UACC(READ) or its equivalent. I just don't see what gate is
being closed by insisting that LinkList or LPA libraries must have UACC(NONE),
when, as you confirm, they cannot be fetch protected and therefore the content
is available to anyone on the system anyway.
Cheers - Mike
sel
Cc: Mike Cairns
Subject: Re: Data Set Commander Monitor (DSCMON) Access Authority
Hi Rob - is it now considered less than best practice to allow Linklist and LLA
etc to fall under UACC(READ) or ID(*) READ profiles? MY recollection is that
these libraries are not fetch protected, and there
Steve,
I just checked the latest z/OS and RACF STIGs v6r60 and can find no mention of
DSCMON. Where precisely in the STIGs did you find a reference to it?
Regards, Bob
-Original Message-
Date:Fri, 21 Jun 2024 20:23:09 -0500
From:Steve Beaver
Subject: Re: Data Set Commander
Hi Rob - is it now considered less than best practice to allow Linklist and LLA
etc to fall under UACC(READ) or ID(*) READ profiles? MY recollection is that
these libraries are not fetch protected, and therefore there is little common
sense in having them anything other than UACC(READ)... Chee
Use of DSCMON is a STIG violation
Sent from my iPhone
No one said I could type with one thumb
> On Jun 21, 2024, at 19:59, Mark Schuffenhauer wrote:
>
> Hello Bob,
>
> I would not make it trusted, but that is mainly up to the security standards
> of the company.
>
generic to standards.
From: IBM Mainframe Discussion List on behalf of
Robert S. Hansel
Sent: Friday, June 21, 2024 7:50 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Data Set Commander Monitor (DSCMON) Access Authority
Greetings all,
I posted this on RACF-L
Greetings all,
I posted this on RACF-L a week ago. There were not replies, so I thought I
would try this list.
I am implementing RACF control for DSCMON for the first time and wondering
how others have implemented it. Below is some background information, my
thoughts, and some questions
Does anyone use DSCMON on their systems?
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
18 matches
Mail list logo
