First posted on RACF-L under topic "How to define STARTED class profiles for DFHSM (are generic profiles ok)?", but not much response. Reposting here under new topic.
Need to define STARTED clas profiles for DFHSM and its helper STCs. The helper STCs have names starting with ARC and DSS, and some numeric part that depends on the number of HSMs in the sysplex and the number of parallel task they start. The easiest way would be to define profiles ARC*.* and DSS*.*, the more cumbersome way to define one profile for each possible STC. Someone here claims that it is an absolute no-go to define generic profiles (for the part before the dot) in class STARTED. Especially if the task need to run TRUSTED. I think there is no danger in doing so, because it cannot be misused, *if* the PROCLIBs and the MVS START commands are properly protected. Anyone with update access to PROCLIBs can misused any of the trusted STCs, can't they? Any thoughts or recommendations? -- Peter Hunkeler ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
