[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Antwort: Auditing wrong operator commands
From:       Andreas Fischer <andreas.fischer () GENERALI ! COM>
Date:       2020-02-28 20:10:09
Message-ID: OF6DEC6629.743EE57C-ONC125851C.006E735A-C125851C.006ECB1C () dmz ! ino ! at
[Download RAW message or body]

hi,

all i can tell you is that it works nicely when defined with UACC(READ) - 
haven't tried what happens if you define the profiles but don't allow 
access, if this results in an ICH408 message, or nothing. but i guess you 
can try out easily with permitting a userid with NONE and execute an 
invalid command with this userid afterwards...

regards,
andi


"RACF Discussion List" <RACF-L@LISTSERV.UGA.EDU> schrieb am 18.02.2020 
15:40:29:

> Von: "Mautalen Juan Guillermo" <jmautalen@ANSES.GOV.AR>
> An: RACF-L@LISTSERV.UGA.EDU
> Datum: 18.02.2020 15:40
> Betreff: Auditing wrong operator commands
> Gesendet von: "RACF Discussion List" <RACF-L@LISTSERV.UGA.EDU>
> 
> Hi!
> 
> From IBM documentation:
> <<<<<<<<<<<<<<<<<<<<<<<<<<
> When an operator issues a command that the subsystem doesn't 
> recognize, the subsystem checks for a profile named subsystem-
> name.UNKNOWN. To handle these commands, create a profile named:
> ?  MVS.UNKNOWN with UACC(READ) for MVS
> ?  JES2.UNKNOWN or JES3.UNKNOWN with UACC(NONE) for JES
> ?  RACF.UNKNOWN with UACC(NONE) for RACF
> Your security policy might require auditing of all commands issued, 
> even if they are not valid on your system. You can audit these 
> commands by specifying AUDIT(ALL) on these profiles.
> >>>>>>>>>>>>>>>>>>>>>>>>>>>
> 
> Question:
> Why UACC(READ) is suggested for MVS.UNKNOWN and UACC(NONE) for JESx and 
RACF?
> 
> 
> Thanks in advance for your help,
> 
> 
> Juan G. Mautalen
[prev in list] [next in list] [prev in thread] [next in thread]