W dniu 06.11.2020 o 22:43, Frank Swarbrick pisze:
In the Unix world one can use chmod (change mode) on their own files to make it
so non-superusers cannot view a particular file. Is there anything similar for
MVS data sets?
Few points:
1. In MVS world there is no concept of file ownership like in Unix.
2. For TSO users HLQ=userID is special case, but it is rather "ALTER by
default", which is hard to restrict and it has very little to do with
authorities management.
2.1 Such datasets are called "his own" despite there is no ownership
concept.
2.2 Note, special treatment is not for every RACF user, it is for TSO
users only. So, for example ftp and many other methods are excluded
(assuming the user has no TSO segment).
3. Every TSO user may or may NOT have rights to manage dataset
authorities, his own (HLQ=userid) OR OTHER DATASETS.
4. Details depend on your setup. Usually "his own" datasets are in scope
of the user (userid is the owner of userid.** profile) and that is
enough to manage access list and UACC.
5. However admin may restrict RACF commands like AD, ALDSD nad PE and
then user cannot use them to manage rights. There are other methods also.
HTH
--
Radoslaw Skorupka
Lodz, Poland
======================================================================
Jeśli nie jesteś adresatem tej wiadomości:
- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza)
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać
karze.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: [email protected]. Sąd Rejonowy dla m. st.
Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237,
NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na
01.01.2020 r. wynosi 169.401.468 złotych.
If you are not the addressee of this message:
- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have
printed out or saved).
This message may contain legally protected information, which may be used
exclusively by the addressee.Please be reminded that anyone who disseminates
(copies, distributes) this message or takes any similar action, violates the
law and may be penalised.
mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: [email protected]. District Court for the Capital
City of Warsaw, 12th Commercial Division of the National Court Register, KRS
0000025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN
169.401.468 as at 1 January 2020.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
