Several companies I was at lately had this policy of no read access to PARMLIB, and it is a pain because things you are used to, like IPCS, do not work without RACF READ access to it. I seem to remember that other tools also get their startup parms from PARMLIB, so that seems very counterproductive.
René. > On 4 Feb 2022, at 16:26, Seymour J Metz <[email protected]> wrote: > > I don't believe that read access to PARMLIB is a security risk, and it is > possible that a prohibition could actually lead to security issues, but if > you are under the pervue of DISA the you need to abide by their policies, > although I would probably document the fact that I considered UACC=NONE for > PARMLIB inappropriate. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ________________________________________ > From: IBM Mainframe Discussion List [[email protected]] on behalf of > Farley, Peter x23353 [[email protected]] ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
