Richard, > http://publib.boulder.ibm.com/infocenter/zos/v1r11/index.jsp?topic=/com.ibm.zos.r11.ioea700/ioea7d0021001588.htm
After someone had pointed it out, I read it and now I know it needs to be done. That doesn't change the fact that without TRUSTED and without explicit access, the ZFS address space can mount these RDT files just fine on my old ADCD system. No DFS there, either. In the original ADCD RACF database, userid DFS was assigned to ZFS, but it was certainly NOT made trusted. Which nobody noticed, since no RACF profiles are defined for any 'system data sets' on an ADCD system. What bothers me with this is that the RACF documentation (Sysprog Guide) refers me specifically to chapter 1.7 of the Init&Tuning reference called "Assigning the RACF TRUSTED attribute" (which I know from previous audits to be the 'bible' that the auditors won't question if followed). The CEA address space made it into that list as of 1.13, so I had every faith that the list is complete. I had consulted that list when I cleaned up the ADCD setup for the STARTED class about half a year ago. I just checked again, ZFS is NOT in that list (that contains names of address spaces, not userids). DFS is in that list, but we don't even have a DFS address space. I am 'surprised' about this incomplete documentation, given how much IBM pushes ZFS. Barbara ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
