On Fri, May 15, 2015 at 6:51 AM, Elardus Engelbrecht < [email protected]> wrote:
> Jousma, David wrote: > > >I understand the concept, but sounds impossible. > > So, I already see that. Beside, trying to protect the programs of > utilities are simply a no-no. > > > >What about omitting the records you don’t want? Omitting all > user=ELARDUS would be just as bad as changing data if there were > intentional efforts going on. > > Of course. I was more generally thinking about any manipulating of data > to/from something. Same with DBAs. You have to trust them and their data > and databases. > > > >Auditors either have to bring their own toolbox, or trust at some point. > SMF going to logger is harder to thwart it would seem, but the real > question to me would be a method to bulletproof the collection of the data > so that it cannot be altered before written. > > This is what I try to tell our people. Protect the source and custodians > (people), not the tools. So, this is why I'm asking to see what others > think - is it practical to protect DFSORT keywords or not. > I'm going to be a bit silly now. To me, DFSORT/ICETOOL is basically a "programming language" which is used to read some input, transform, and produce output. So, the question could be transformed to ask something like "Should the COMPUTE verb in COBOL be protected by RACF? We want to make sure the the programmers don't modify data read from the input before writing it to a report." > > > >DFSORT is just one tool. What about SAS/MXG? > > No SAS here. Or any tool which can modify data in place or during > transfers. > > Thanks for your kind insight. > > Groete / Greetings > Elardus Engelbrecht > > -- If someone tell you that nothing is impossible: Ask him to dribble a football. He's about as useful as a wax frying pan. 10 to the 12th power microphones = 1 Megaphone Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
