If "fakeid" has SPECIAL then it will be allowed to read an unprotected dataset. It may be that other combinations (e.g., OPERATIONS or GROUP-SPECIAL) may also allow this.
> -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Brad Wissink > Sent: Thursday, September 24, 2015 1:17 PM > To: [email protected] > Subject: Protect-ALL Fail issuing Warning messages > > We are running FDR/ABR and using it to backup our sandbox lpar volumes from > our > production lpar. We have been doing this for a long time and every so often > we get new > data sets on the sandbox system that do not have a RACF data set profile on > the production > lpar. we do not share RACF database across lpars. So we get messages like > this > > ICH408I USER(fakeid ) GROUP(fakegrp ) NAME(fakename ) > ICM.SICMLOD2 CL(DATASET ) VOL(ZOSDR1) > WARNING: RESOURCE NOT PROTECTED > ACCESS INTENT(READ ) ACCESS ALLOWED(READ ) > > We then define a RACF dataset profile, in this case ICM.* to protect the > datasets. > However, today someone pointed out that if you display our SETROPTS we have > > PROTECT-ALL IS ACTIVE, CURRENT OPTIONS: > PROTECT-ALL FAIL OPTION IS IN EFFECT > > So now my question is how can we be getting WARNING messages, when PROTECT- > ALL FAIL is active? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
