I hadn't really thought about (or researched) the display capabilities
of RACF. An RFE couldn't hurt if you find them lacking.
Once one's TSO/E administrative routines have been converted to use the
TSO segment, though, I think another good use of UADS is for recovery,
including DR. It's the only way to log on when you have no security
database, at least when RACF is the absent DB in question. I'd want to
have "some number" of sysprog user IDs to be in UADS for recovery
purposes. (And an appropriate MPF exit, for RACF!)
As SA restore is a serial activity and batch restore is not, minimizing
recovery time would seem to call for a small number of UADS-defined IDs
to speed overall restore time if your security DB happens not to share a
volume with some other data sets required to IPL and log on. But what do
I know?
Skip Robinson wrote:
Ah, UADS. A prime example of archaic mechanism. Defensible technically?
Probably not, although a security administrator who needs to know which
account numbers or which proclibs a user is authorized to use might tell a
different story. With UADS, a simple list command tells the story. With TSOE
segment, it's a data mining operation. This difference alone has inhibited
conversion in some shops.
<snip>
--
John Eells
IBM Poughkeepsie
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
