[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: ICHRRCDE - RACLIST= AND RACLREQ=
From: Walter Farrell <wfarrell () US ! IBM ! COM>
Date: 2008-03-31 21:29:34
Message-ID: OF77BB065D.D9B9C972-ON8525741D.0075AC00-8525741D.007610AF () us ! ibm ! com
[Download RAW message or body]
On Monday, 03/31/2008 at 03:12 AST, Nick Garigliano
<nick.garigliano@SENTRY.COM> wrote:
> Hello,
>
> For yucks I'm looking up the various options in the source for our
> installation defined CDT and comparing them to the System Prog guide
> (z/OS
> 1.7). I see that the majority of the entries have
>
> RACLIST=DISALLOWED
> RACLREQ=NO
>
> set explicitly or are not defined at all. According to the guide the
> defaults are DISALLOWED and NO.
>
> Reading the guide leads me to believe that a SETR RACLIST(CLASS) REFRESH
> should have no effect with these settings, yet from experience I know
> this is not the case. What am I missing?
What you should understand from the doc for RACLIST=DISALLOWED is that
SETR RACLIST(classname)
will not work.
However, SETR RACLIST(classname) REFRESH
is a different case. That one will work as long as either someone has
issued
SETR RACLIST(classname) (not possible in your case, of course) or an
application has issued
RACROUTE REQUEST=LIST,CLASS=classname,GLOBAL=YES
--
Walt
------------------------------
Walt Farrell, CISSP
IBM STSM, z/OS Security Design,
e-mail: wfarrell@us.ibm.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic