[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Re: Group of users
From: Lennie J Dymoke-Bradshaw <lennie_bradshaw () UK ! IBM ! COM>
Date: 2008-04-29 15:00:52
Message-ID: OF3E9D94DA.5C81E1F9-ON8025743A.00526A74-8025743A.005280A4 () uk ! ibm ! com
[Download RAW message or body]
Apologies. I stand amended.
Lennie Dymoke-Bradshaw MBCS CITP
Accredited Senior I/T Specialist, System z, Security and Cryptography
IBM Software Group
Russell D Hardgrove <hardgrov@US.IBM.COM>
Sent by: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
29/04/2008 15:03
Please respond to
RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
To
RACF-L@LISTSERV.UGA.EDU
cc
Subject
Re: Group of users
this inability to UNPROTECT a dataset via a RENAME is the same without
protectall.
iow DADSM says "If dataset is protecrd by RACF, I will not let you
rename it and leave it completely (no covering profile) unprotected"
PROTECTALL does not enter in to it.
--------------------------------------------------
Russ Hardgrove / RACF Lvl2
IBM - z/OS Software Service
Dept. R8LA Bldg. 707 - 2/F19
Poughkeepsie, NY 12601
hardgrov@us.ibm.com 845-435-3279
or 295-3279 (T/L)
--------------------------------------------------
"RACF: Guilty, until proven innocent !!" RdH 2004
<< Continually proving this is not just a JOB, it's an ADVENTURE :-b ..
>>
...
Lennie J Dymoke-Bradshaw <lennie_bradshaw@UK.IBM.COM>
Sent by: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
04/29/2008 09:56 AM
Please respond to
RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
To
RACF-L@LISTSERV.UGA.EDU
cc
Subject
Re: Group of users
Michael,
I think you are attempting to rename the dataset to a name which would not
be protected by a generic profile. I think this is needed if PROTECTALL is
on.
So in your example you would need a profile for something like,
delete.sys.**
HTH
Regards
Lennie Dymoke-Bradshaw MBCS CITP
Accredited Senior I/T Specialist, System z, Security and Cryptography
IBM Software Group
Michael Szyszka <mszyszka@DMV.STATE.NY.US>
Sent by: RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
29/04/2008 14:40
Please respond to
RACF Discussion List <RACF-L@LISTSERV.UGA.EDU>
To
RACF-L@LISTSERV.UGA.EDU
cc
Subject
Re: Group of users
ID syskrd is connected to group sysprog,
INFORMATION FOR GROUP SYSPROG
SUPERIOR GROUP=SYS1 OWNER=SYS1 CREATED=08.116
INSTALLATION DATA=DMV SYSTEM PROGRAMMERS
NO MODEL DATA SET
TERMUACC
NO SUBGROUPS
z/OS 1.7, non vsam dataset, trying to rename sys.name to delete.sys.name
IEC614I RENAME FAILED - RC 008, DIAGNOSTIC INFORMATION IS (04100C04),394
-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of
Walter Farrell
Sent: Tuesday, April 29, 2008 9:28 AM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: Group of users
On Tuesday, 04/29/2008 at 09:22 AST, Michael Szyszka
<mszyszka@DMV.STATE.NY.US> wrote:
> Hi Dave,
> I have it active.
>
> ERASE-ON-SCRATCH IS ACTIVE, CURRENT OPTIONS:
> ERASE-ON-SCRATCH BY SECURITY LEVEL IS INACTIVE
> SINGLE LEVEL NAMES NOT ALLOWED
> LIST OF GROUPS ACCESS CHECKING IS ACTIVE.
As Lizette suggested, we really need to see the error messages that the
user gets. It would also help to know more about how they tried to do
the
rename, and also more about the data set. SMS-managed or not? VSAM or
non-VSAM?
--
Walt
------------------------------
Walt Farrell, CISSP
IBM STSM, z/OS Security Design,
e-mail: wfarrell@us.ibm.com
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
Unless stated otherwise above:
IBM United Kingdom Limited - Registered in England and Wales with number
741598.
Registered office: PO Box 41, North Harbour, Portsmouth, Hampshire PO6 3AU
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic