'Re: New Class - Jesjobs, BATCHALLRACF, TEMPDSN'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: New Class - Jesjobs, BATCHALLRACF, TEMPDSN
From:       Prakash Lalaram <prakash.lalaram () RIYADBANK ! COM>
Date:       2016-09-27 12:12:24
Message-ID: BCBC9312C8545048B64B9F97256F12D90124209D13 () ENTEXMBPRHOW2
[Download RAW message or body]

Many thanks for that - I was just preparing my email correspondence to inform all \
about the changes, and I will now include the Endevor team as well 

Regards 

Prakash Lalaram
Manager
IS Analyst
Tel.:+966-11-276-3000 Ext.: 2235 | Mobile.:+966-56-246-8228
prakash.lalaram@riyadbank.com


For clean environment, please avoid unnecessary printing.
-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Robert S. \
                Hansel (RSH)
Sent: Tuesday, September 27, 2016 12:40 PM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: New Class - Jesjobs, BATCHALLRACF, TEMPDSN

Prakash,

With regard to TEMPDSN, I should also mention that it can play havoc with Endevor. \
See RACF Tips article "TEMPDSN and CA-Endevor" via the URL below.

http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2009.pdf

Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
http://twitter.com/RSH_RACF
www.rshconsulting.com

-----Original Message-----
From: Robert S. Hansel (RSH) [mailto:R.Hansel@rshconsulting.com]
Sent: Monday, September 26, 2016 6:19 AM
To: 'RACF Discussion List'
Subject: RE: New Class - Jesjobs, BATCHALLRACF, TEMPDSN

Prakash and Joel,

I would be hesitant to put UACC(ALTER) on the JESJOBS ** profile. It would allow \
anyone to cancel any job using the TSO CANCEL command. It would also allow anyone to \
manage any job via a product that used the new JES Modify Service. See our RACF Tips \
article on the JES Modify Service via the URL below. I'd be inclined to start with \
UACC(READ).

http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2014.pdf

There were other comments suggesting that you must wait until an IPL to activate \
TEMPDSN. While I would always wait until a system maintenance period before \
activating anything of this nature, activating it in conjunction with an IPL is no \
longer required if all your systems are at z/OS 1.13 or above. See our RACF Tips \
article on Temporary Dataset Protection via the URL below.

http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2012.pdf

Regards, Bob

Robert S. Hansel
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
http://twitter.com/RSH_RACF
www.rshconsulting.com

-----Original Message-----
Date:    Sun, 25 Sep 2016 18:10:53 +0000
From:    "Tilton, Joel" <jtilton@DTCC.COM>
Subject: Re: New Class - Jesjobs, BATCHALLRACF, TEMPDSN

G'Day,
In reverse order because of JESJOBS

JESJOBS!!!
It's a default RC of 08 class so you need to build a profile of ** UACC(ALTER) \
*before* you turn it on. Security by jobname is definitely a good thing though so \
keep heading in this direction. :)

TEMPDSN secures all temporary datasets.
I have seen different vendor products react to this with "strange" behavior over the \
years.  So depending on what software you have installed you should check with the \
vendor to make sure they support it. I remember getting ICH408I messages for the \
temporary datasets themselves but of course there's nothing you can PERMIT to in that \
case.  That was a rare case with an ISV product who's name I can no longer remember.

Regarding BATCHALL RACF I refer you to the post from Hayim Sokolsky on 9/6 @ 09:52 \
ET.

Joel Tilton
Senior Security Engineer
Mainframe Security Engineering (MSE)
Enterprise Computing and Communications (ECC) DTCC Tampa jtilton@dtcc.com
+1 813-470-2160

Visit us at www.dtcc.com or follow us on Twitter @The_DTCC and on LinkedIn.
To learn about career opportunities at DTCC, please visit dtcc.com/careers.

Classification:  DTCC Non-Confidential (WHITE)

The views I have expressed in this email are my own personal views, and are not \
endorsed or supported by, and do not necessarily express or reflect, the views, \
positions or strategies of my employer.

Joel Tilton
Senior Security Engineer
Mainframe Security Engineering (MSE)
Enterprise Computing and Communications (ECC) DTCC Tampa jtilton@dtcc.com
+1 813-470-2160



Visit us at www.dtcc.com or follow us on Twitter @The_DTCC and on LinkedIn.
To learn about career opportunities at DTCC, please visit dtcc.com/careers.

Classification:  DTCC Confidential (YELLOW)


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of Prakash \
                Lalaram
Sent: Sunday, September 25, 2016 7:49 AM
To: RACF-L@LISTSERV.UGA.EDU
Subject: New Class - Jesjobs, BATCHALLRACF, TEMPDSN

Good Day

We are planning to activate the following classes 

					1. BATCHALLRACF
					2. TEMPDSN
					3.JESJOBS

I just need to know if all of the listed Classis's require a  ** profile to be \
created when activating them

And besides the extremely knowledgeable RACF support people on this site, where else \
can I verify this. I am also looking at the 

RACF Security Administrator's Guide SA22

Regards 

Prakash Lalaram
Manager
IS Analyst
Tel.:+966-11-276-3000 Ext.: 2235 | Mobile.:+966-56-246-8228 \
prakash.lalaram@riyadbank.com


For clean environment, please avoid unnecessary printing.


هذه الرسالة و مرفقاتها (إن وجدت) تمثل وثيقة \
سرية قد تحتوي على معلومات تتمتع بحماية وحصانة \
قانونية . إذا لم تكن الشخص المعني بهذه الرسالة \
يجب عليك تنبيه المُرسل بخطأ وصولها إليك، و حذف \
الرسالة و مرفقاتها (إن وجدت) من الحاسب الآلي \
الخاص بك. ولا يجوز لك نسخ هذه الرسالة أو \
مرفقاتها (إن وجدت) أو أي جزئ منها، أو البوح \
بمحتوياتها لأي شخص أو استعمالها لأي غرض . علماً \
بأن الإفادات و الآراء التي تحويها هذه الرسالة \
تعبر فقط عن رأي المُرسل و ليس بالضرورة رأي بنك \
الرياض ولا يتحمل بنك الرياض ي مسئولية عن \
الأضرار الناتجة عن أي فيروسات قد يحملها هذ \
البريد 


This message and its attachment, if any, are confidential and may contain legally \
privileged information. If you are not the intended recipient, please contact the \
sender immediately and delete this message and its attachment, if any, from your \
system. You should not copy this message or disclose its contents to any other person \
or use it for any purpose. Statements and opinions expressed in this e-mail are those \
of the sender, and do not necessarily reflect those of Riyad Bank. Riyad Bank Accepts \
no liability for any damage caused by any virus transmitted by this email.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic