W dniu 12.11.2020 o 14:33, Seymour J Metz pisze:
There's nothing special about TSO; HLQ=userid is handled the same way in batch,
STC and TSO.
Yes, that's correct. My mistake.
Corrected version below.
Few points:
1. In MVS world there is no concept of file ownership like in Unix.
2. HLQ=userID is special case, but it is rather "ALTER by
default", which is hard to restrict and it has very little to do with
authorities management.
2.1 Such datasets are called "his own" despite there is no ownership
concept.
2.2 (deleted)
2.3 (added) Note: special treatment works only if the profile exists. In
other words, non-protected datasets (no profile covers them) are not
allowed "ALTER by default". However the scenario may be even more
complex when Global Access Table is used.
3. Every user may or may NOT have rights to manage dataset
authorities, his own (HLQ=userid) OR OTHER DATASETS.
4. Details depend on your setup. Usually "his own" datasets are in scope
of the user (userid is the owner of userid.** profile) and that is
enough to manage access list and UACC.
5. However admin may restrict RACF commands like AD, ALDSD nad PE and
then user cannot use them to manage rights. There are other methods also.
HTH
BTW: Security for datasets is considered as the most basic part of RACF
and usually this is part of basic RACF courses. However in details it is
very complex IMHO.
--
Radoslaw Skorupka
Lodz, Poland
======================================================================
Jeśli nie jesteś adresatem tej wiadomości:
- powiadom nas o tym w mailu zwrotnym (dziękujemy!),
- usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub zapisałeś
na dysku).
Wiadomość ta może zawierać chronione prawem informacje, które może wykorzystać
tylko adresat.Przypominamy, że każdy, kto rozpowszechnia (kopiuje, rozprowadza)
tę wiadomość lub podejmuje podobne działania, narusza prawo i może podlegać
karze.
mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: [email protected]. Sąd Rejonowy dla m. st.
Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, KRS 0000025237,
NIP: 526-021-50-88. Kapitał zakładowy (opłacony w całości) według stanu na
01.01.2020 r. wynosi 169.401.468 złotych.
If you are not the addressee of this message:
- let us know by replying to this e-mail (thank you!),
- delete this message permanently (including all the copies which you have
printed out or saved).
This message may contain legally protected information, which may be used
exclusively by the addressee.Please be reminded that anyone who disseminates
(copies, distributes) this message or takes any similar action, violates the
law and may be penalised.
mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950
Warszawa,www.mBank.pl, e-mail: [email protected]. District Court for the Capital
City of Warsaw, 12th Commercial Division of the National Court Register, KRS
0000025237, NIP: 526-021-50-88. Fully paid-up share capital amounting to PLN
169.401.468 as at 1 January 2020.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
