Although setting up your own SAF class is not difficult, it is another step in the installation/migration process and my instinct (bearing in mind the squeeze on staffing resources) is always to tend to "zero-config" wherever possible.
If you stay within your lanes as far as the profile namespace is concerned ,then XFACILIT makes sense in most cases. Rob Scott Rocket Software -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Phil Smith III Sent: Sunday, November 12, 2023 8:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF, the FACILITY class, and z/XDC EXTERNAL EMAIL Ed Jaffe recommended against creating a SAF class. I'll respectfully suggest that it's not that hard. First, if you do, IBM told us, "Start the class name with a dollar sign-we'll never use those". Of course you could collide with another vendor, but that's unlikely. We've had customers doing so for 13 years or so. Besides some folks who didn't understand how to use their own ESM, we've had no problems. ACF2 and TSS were easy, too. Now, I admit that our usage is pretty simple: we have named data protection entities called Cryptids, and you can use them to protect (encrypt/tokenize/hash) or access (decrypt/detokenize) data. So if you have a Cryptid named BANANA, a user needs READ or greater authority to PROTECT.BANANA or ACCESS.BANANA, as appropriate to use BANANA to protect or access. For something like EJES, with possibly dozens of subtleties, it would surely be harder. The complexity of SAF related to certificates comes to mind, though I suspect some of that is due to some historical mistakes. Still, once you've defined a scheme, it's just PERMITs, right? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ================================ Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323 Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy ================================ This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
