Hi Lizette, I had changed this AUTHERAS option form UPDATE to ALTER and it didn't make a difference. Let me refresh what I did, if anything, with AUTHOWNR.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Lizette Koehler Sent: Tuesday, July 29, 2014 10:13 AM To: [email protected] Subject: Re: RMDS IN the manual it states AUTHERAS Specifies the authorization level for the ERASE and RESTORE commands. A|ALTER U|UPDATE Perhaps you can see if your users have ALTER or UPDATE authority on the report/dsn. In the manual Report Management and Distribution System Administration Guide Version 2 Release 3 Document Number S544-5395-00 Note: The RMDS default is to define report owners as having UPDATE authority, but system options are available to allow you to specify what access should be used to define report owners (AUTHOWNR) and to define the authority to issue ERASE commands (AUTHERAS). The viewer region and report distribution facility user IDs need only READ access, for those cases where the job or started task user ID does not match the user IDs accessing reports. So maybe you can change the DEFINE AUTHERAS and AUTHOWNR to a different levels and only give that level to those allowed to erase reports. Lizette > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] > On Behalf Of Lizette Koehler > Sent: Tuesday, July 29, 2014 7:01 AM > To: [email protected] > Subject: Re: RMDS > > I forgot to ask how you access RMDS. > > Is it through > CICS > ISPF > VTAM > OTHER??? > > Lizette > > > > -----Original Message----- > > From: IBM Mainframe Discussion List > > [mailto:[email protected]] On Behalf Of Lizette Koehler > > Sent: Tuesday, July 29, 2014 6:48 AM > > To: [email protected] > > Subject: Re: RMDS > > > > You may need to contract an assembler programmer if you are not > comfortable > > with Assembler and system exits. > > > > What you would want is if the ERASE command is entered, to trap it, > probably > > validate to see if that person is authorized and if they are not > authorized, send back > > a message along those lines. Otherwise allow the command. > > > > I am surprised IBM does not have sample exits that you could work with. > > > > I do not remember if the panels were part of RMDS or if they were > > ISPF > Panels > > invoked by RMDS. If they are ISPF Panels you might be able to put > something in > > the panel process to trap ERASE and action accordingly. > > > > Lizette > > > > > > > -----Original Message----- > > > From: IBM Mainframe Discussion List > > > [mailto:[email protected]] On Behalf Of Roff, Donna > > > Sent: Tuesday, July 29, 2014 6:30 AM > > > To: [email protected] > > > Subject: Re: RMDS > > > > > > HI Brian > > > Thanks. > > > > > > This , this is a very old product. Even IBM is not able to offer > > > much > > advice. > > > > > > We have an exit that just covers sign on. > > > > > > I would like to perhaps just disable that RMDS command - ERASE - > > completely for > > > either all or most users. Within RMDS even, not ACF2. The RMDS > > administrator > > > controls access through RMDS. But access seems to be all or > > > nothing, if > > you can > > > view it, you can erase it. > > > > > > Tx for looking for your exits. > > > > > > -----Original Message----- > > > From: IBM Mainframe Discussion List > > > [mailto:[email protected]] On Behalf Of Brian France > > > Sent: Tuesday, July 29, 2014 8:57 AM > > > To: [email protected] > > > Subject: Re: RMDS > > > > > > Way back machine started. > > > > > > Once upon a time we ran RMDS with ACF2. ACF2 versions woulda been > > > like > > > 6 > > and > > > 8. I have no idea anymore what RMDS version we had. > > > > > > There were exits in RMDS that we utilized with ACF2. They would > > > take the > > report > > > name ( the one you see when you're in RMDS, not the data set name > > > ) and pass it to the exit were we would make a data set like call > > > to grant > > access. We > > > had to write code utilizing the sample exit to do this. > > > Think we placed standard HLQ on the report name when we built the > > > data > > set like > > > call to write rules against. > > > > > > There was a sign on exit as well. > > > > > > I looked for my exits but alas I musta cleaned house when RMDS > > > went the > > way of > > > the dino here... > > > > > > > > > On 7/29/2014 8:27 AM, Roff, Donna wrote: > > > > Thanks Koluso and Lizette > > > > > > > > Ive gone through the manuals already and cant seem to find what > > > > I > need. > > > > > > > > We are z/OS 1.13, RMDS is 2.3 (this hasn't changed in eons) and > > > > ACF2 is > > V15. > > > > > > > > This is the problem which we just recently discovered after decades: > > > > > > > > The RMDS administrator does set up something to determine who > > > > can browse > > > which reports. However, once you get into DISPLAY mode on a > > > report, > > theres a > > > whole series of commands available - CAP, COLS, F(IND) etc. > > > Fairly > > inoculous. > > > However, there is also an ERASE command, which does not seem to > > > have any restriction on it. > > > > > > > > This is on the report level, not the dsname level. A user that > > > > does not > > have ACF2 > > > authority to delete the vsam cluster corresponding to the report > > > can still > > delete the > > > report by issuing ERASE. The report is no longer viewable and > > > When the > > PURGE > > > jobs runs, PURGE deletes the cluster. > > > > > > > > Ive been working with both IBM and CA on this but to no avail. > > > > It seems > > that once > > > in RMDS, ACF2 is out of the picture. So I think this has to be > > > controlled > > within > > > RMDS. But we cant figure out how. > > > > > > > > Thanks, > > > > Donna > > > > > > > > -----Original Message----- > > > > From: IBM Mainframe Discussion List > > > > [mailto:[email protected]] On Behalf Of Sri h Kolusu > > > > Sent: Monday, July 28, 2014 3:31 PM > > > > To: [email protected] > > > > Subject: Re: RMDS > > > > > > > > May be this will help > > > > > > > > Chapter 16 in Administration Guide > > > > > > > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNA3 > > > > 00 > > > > 0 > > > > > > > > or this one > > > > > > > > http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNC3 > > > > 00 > > > > 0 > > > > > > > > > > > > Kolusu > > > > > > > > IBM Mainframe Discussion List <[email protected]> wrote > > > > on > > > > 07/28/2014 12:08:10 PM: > > > > > > > >> From: "Roff, Donna" <[email protected]> > > > >> To: [email protected] > > > >> Date: 07/28/2014 12:19 PM > > > >> Subject: RMDS > > > >> Sent by: IBM Mainframe Discussion List > > > >> <[email protected]> > > > >> > > > >> Hi, > > > >> > > > >> Is anyone here familiar with RMDS (Report Management > > > >> Distribution > > > > System) ? > > > >> We have a question about security on one of the RMDS commands > > > >> available against a report. ACF2 protects the MVS datasets but > > > >> this is for the actual report. > > > >> > > > >> (This is my first post. I don't know if I need to put any > > > > introduction.) > > > >> Thanks, > > > >> Donna > > > >> ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
