IN the manual it states
AUTHERAS Specifies the authorization level for the ERASE and
RESTORE commands.
A|ALTER
U|UPDATE
Perhaps you can see if your users have ALTER or UPDATE authority on the
report/dsn. In the manual Report Management and Distribution System
Administration Guide Version 2 Release 3 Document Number S544-5395-00
Note: The RMDS default is to define report owners as having UPDATE
authority, but system options are available to allow you to specify what
access should be used to define report owners (AUTHOWNR) and to define the
authority to issue ERASE commands (AUTHERAS).
The viewer region and report distribution facility user IDs need
only READ access, for those cases where the job or started task user ID does
not match the user IDs accessing reports.
So maybe you can change the DEFINE AUTHERAS and AUTHOWNR to a different
levels and only give that level to those allowed to erase reports.
Lizette
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[email protected]] On
> Behalf Of Lizette Koehler
> Sent: Tuesday, July 29, 2014 7:01 AM
> To: [email protected]
> Subject: Re: RMDS
>
> I forgot to ask how you access RMDS.
>
> Is it through
> CICS
> ISPF
> VTAM
> OTHER???
>
> Lizette
>
>
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:[email protected]]
> > On Behalf Of Lizette Koehler
> > Sent: Tuesday, July 29, 2014 6:48 AM
> > To: [email protected]
> > Subject: Re: RMDS
> >
> > You may need to contract an assembler programmer if you are not
> comfortable
> > with Assembler and system exits.
> >
> > What you would want is if the ERASE command is entered, to trap it,
> probably
> > validate to see if that person is authorized and if they are not
> authorized, send back
> > a message along those lines. Otherwise allow the command.
> >
> > I am surprised IBM does not have sample exits that you could work with.
> >
> > I do not remember if the panels were part of RMDS or if they were ISPF
> Panels
> > invoked by RMDS. If they are ISPF Panels you might be able to put
> something in
> > the panel process to trap ERASE and action accordingly.
> >
> > Lizette
> >
> >
> > > -----Original Message-----
> > > From: IBM Mainframe Discussion List
> > > [mailto:[email protected]] On Behalf Of Roff, Donna
> > > Sent: Tuesday, July 29, 2014 6:30 AM
> > > To: [email protected]
> > > Subject: Re: RMDS
> > >
> > > HI Brian
> > > Thanks.
> > >
> > > This , this is a very old product. Even IBM is not able to offer
> > > much
> > advice.
> > >
> > > We have an exit that just covers sign on.
> > >
> > > I would like to perhaps just disable that RMDS command - ERASE -
> > completely for
> > > either all or most users. Within RMDS even, not ACF2. The RMDS
> > administrator
> > > controls access through RMDS. But access seems to be all or
> > > nothing, if
> > you can
> > > view it, you can erase it.
> > >
> > > Tx for looking for your exits.
> > >
> > > -----Original Message-----
> > > From: IBM Mainframe Discussion List
> > > [mailto:[email protected]] On Behalf Of Brian France
> > > Sent: Tuesday, July 29, 2014 8:57 AM
> > > To: [email protected]
> > > Subject: Re: RMDS
> > >
> > > Way back machine started.
> > >
> > > Once upon a time we ran RMDS with ACF2. ACF2 versions woulda been
> > > like
> > > 6
> > and
> > > 8. I have no idea anymore what RMDS version we had.
> > >
> > > There were exits in RMDS that we utilized with ACF2. They would take
> > > the
> > report
> > > name ( the one you see when you're in RMDS, not the data set name
> > > ) and pass it to the exit were we would make a data set like call to
> > > grant
> > access. We
> > > had to write code utilizing the sample exit to do this.
> > > Think we placed standard HLQ on the report name when we built the
> > > data
> > set like
> > > call to write rules against.
> > >
> > > There was a sign on exit as well.
> > >
> > > I looked for my exits but alas I musta cleaned house when RMDS went
> > > the
> > way of
> > > the dino here...
> > >
> > >
> > > On 7/29/2014 8:27 AM, Roff, Donna wrote:
> > > > Thanks Koluso and Lizette
> > > >
> > > > Ive gone through the manuals already and cant seem to find what I
> need.
> > > >
> > > > We are z/OS 1.13, RMDS is 2.3 (this hasn't changed in eons) and
> > > > ACF2 is
> > V15.
> > > >
> > > > This is the problem which we just recently discovered after decades:
> > > >
> > > > The RMDS administrator does set up something to determine who can
> > > > browse
> > > which reports. However, once you get into DISPLAY mode on a report,
> > theres a
> > > whole series of commands available - CAP, COLS, F(IND) etc. Fairly
> > inoculous.
> > > However, there is also an ERASE command, which does not seem to have
> > > any restriction on it.
> > > >
> > > > This is on the report level, not the dsname level. A user that
> > > > does not
> > have ACF2
> > > authority to delete the vsam cluster corresponding to the report can
> > > still
> > delete the
> > > report by issuing ERASE. The report is no longer viewable and When
> > > the
> > PURGE
> > > jobs runs, PURGE deletes the cluster.
> > > >
> > > > Ive been working with both IBM and CA on this but to no avail. It
> > > > seems
> > that once
> > > in RMDS, ACF2 is out of the picture. So I think this has to be
> > > controlled
> > within
> > > RMDS. But we cant figure out how.
> > > >
> > > > Thanks,
> > > > Donna
> > > >
> > > > -----Original Message-----
> > > > From: IBM Mainframe Discussion List
> > > > [mailto:[email protected]] On Behalf Of Sri h Kolusu
> > > > Sent: Monday, July 28, 2014 3:31 PM
> > > > To: [email protected]
> > > > Subject: Re: RMDS
> > > >
> > > > May be this will help
> > > >
> > > > Chapter 16 in Administration Guide
> > > >
> > > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNA300
> > > > 0
> > > >
> > > > or this one
> > > >
> > > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNC300
> > > > 0
> > > >
> > > >
> > > > Kolusu
> > > >
> > > > IBM Mainframe Discussion List <[email protected]> wrote on
> > > > 07/28/2014 12:08:10 PM:
> > > >
> > > >> From: "Roff, Donna" <[email protected]>
> > > >> To: [email protected]
> > > >> Date: 07/28/2014 12:19 PM
> > > >> Subject: RMDS
> > > >> Sent by: IBM Mainframe Discussion List <[email protected]>
> > > >>
> > > >> Hi,
> > > >>
> > > >> Is anyone here familiar with RMDS (Report Management Distribution
> > > > System) ?
> > > >> We have a question about security on one of the RMDS commands
> > > >> available against a report. ACF2 protects the MVS datasets but
> > > >> this is for the actual report.
> > > >>
> > > >> (This is my first post. I don't know if I need to put any
> > > > introduction.)
> > > >> Thanks,
> > > >> Donna
> > > >>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
