I agree that UACC(READ) looks like a good setting for IEAABD.DMPAUTH resource
protection.
However, the RACF_SENSITIVE_RESOURCES health check seems to disagree:
(...)E IEAABD.DMPAUTH FACILITY Read No
(...)
Not a big deal, of course. But I prefer to have RACF health
> The check uses a resource name of IEAABD.DUMPAUTH
That module comment is incorrect. It checks resource name IEAABD.DMPAUTH
Peter Relson
z/OS Core Technology Design
--
For IBM-MAIN subscribe / signoff / archive access instruct
Commentary from the module that does the checking:
...checks a FACILITY class profile to ensure the installation allows the user
to take this dump. Can prevent unauthorized dumps of
execution-controlled programs.
The check uses a resource name of IEAABD.DUMPAUTH where:
(a) Access of UPDATE (or
Thanks Peter for the information. It then seems appropiate to RACF protect
IEAABD.DMPAUTH resource.
RACF SAG states:
<<<>>>
Who should have access to IEAABD.DMPAUTH (human/non-human userids)?
Regards,
Juan MautalenEl martes, 12 de julio de 2022, 09:11:43 p. m. GMT-3, Peter
Relson escribió:
IEAABD.DMPAUTH processing is very different than IEAABD.DMPAKEY.
> I assume the answer is YES, but I want to be sure.
That is not a good assumption.
It happens to be true for IEAABD.DMPAUTH.
It is not true for IEAABD.DMPAKEY (which applies only when the abend occurred
in key 0-7).
They were cre
On Mon, 11 Jul 2022 15:40:10 + "jgmauta...@yahoo.com.ar"
<01f9499d67db-dmarc-requ...@listserv.ua.edu> wrote:
:>Hi!
:>
:>I have a question regarding IEAABD.DMPAUTH / IEAABD.DMPAKEY resources in RACF
FACILITY class:
:>
:>
:>1- In this context, when the RACF "Security Administrator Guid
Hi!
I have a question regarding IEAABD.DMPAUTH / IEAABD.DMPAKEY resources in RACF
FACILITY class:
1- In this context, when the RACF "Security Administrator Guide" says
"controlled programs", is it referring to programs protected in RACF PROGRAM
class?
2- It is not completely clea