[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: RSH Consulting - RACF Survey - Nov 2011 - AIM - Results
From:       D E Engelbrecht <elardus.engelbrecht () SITA ! CO ! ZA>
Date:       2011-11-30 17:37:01
Message-ID: 201111301737.pAUEwheG012763 () waikiki ! cc ! uga ! edu
[Download RAW message or body]

Campanella, Bob wrote:

> I recognized the absolute havoc that would ensue for systems folks who
want to copy filesystems between LPARs, unless they had consistent unix
identities on all systems. I developed an algorithm to rationally assign
UIDs across all IMAGES, so the person who has multiple RACF userids
depending on the system, or even on the same system, can be the same unix
identity on all.  So full blown automatic userid assignment is not of
interest to me.

Did you consider grouping your ids in groups with shared GIDS? Or is that
also not suitable for your environment?


>3. I really like using UNIXMAP to easily find out what userids are in
existence and by whom.

With AIM=3 you can use RACF commands to do searches.


>I know that the same can be accomplished with a careful parsing of the
RACFDB unload data, however, it is not instantaneous and requires a new
unload to see what is actually in existence at the moment. This concern is
probably mitigated by the use of products such as z/Secure, which I am in
the process of implementing and learning about.

It is NOT probably mitigated, it is already mitigated by z/Secure.


>I will be less resistant to change to level 3 once I can interactively
manage the uids research with z/Secure,

You can interactively manage the uids with z/Secure in tabular format. With
AIM=3 things do get easier.

Go for it! :-D

Groete / Greetings
Elardus Engelbrecht
[prev in list] [next in list] [prev in thread] [next in thread]