[prev in list] [next in list] [prev in thread] [next in thread]
List: racf-l
Subject: Antwort: Auditing wrong operator commands
From: Andreas Fischer <andreas.fischer () GENERALI ! COM>
Date: 2020-02-28 20:10:09
Message-ID: OF6DEC6629.743EE57C-ONC125851C.006E735A-C125851C.006ECB1C () dmz ! ino ! at
[Download RAW message or body]
hi,
all i can tell you is that it works nicely when defined with UACC(READ) -
haven't tried what happens if you define the profiles but don't allow
access, if this results in an ICH408 message, or nothing. but i guess you
can try out easily with permitting a userid with NONE and execute an
invalid command with this userid afterwards...
regards,
andi
"RACF Discussion List" <RACF-L@LISTSERV.UGA.EDU> schrieb am 18.02.2020
15:40:29:
> Von: "Mautalen Juan Guillermo" <jmautalen@ANSES.GOV.AR>
> An: RACF-L@LISTSERV.UGA.EDU
> Datum: 18.02.2020 15:40
> Betreff: Auditing wrong operator commands
> Gesendet von: "RACF Discussion List" <RACF-L@LISTSERV.UGA.EDU>
>
> Hi!
>
> From IBM documentation:
> <<<<<<<<<<<<<<<<<<<<<<<<<<
> When an operator issues a command that the subsystem doesn't
> recognize, the subsystem checks for a profile named subsystem-
> name.UNKNOWN. To handle these commands, create a profile named:
> ? MVS.UNKNOWN with UACC(READ) for MVS
> ? JES2.UNKNOWN or JES3.UNKNOWN with UACC(NONE) for JES
> ? RACF.UNKNOWN with UACC(NONE) for RACF
> Your security policy might require auditing of all commands issued,
> even if they are not valid on your system. You can audit these
> commands by specifying AUDIT(ALL) on these profiles.
> >>>>>>>>>>>>>>>>>>>>>>>>>>>
>
> Question:
> Why UACC(READ) is suggested for MVS.UNKNOWN and UACC(NONE) for JESx and
RACF?
>
>
> Thanks in advance for your help,
>
>
> Juan G. Mautalen
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic