> On Dec 14, 2016, at 9:05 AM, Edward Gould <[email protected]> wrote: > > Thirty + years ago (pre-RACF) we put update password on the mastercats. > Worked like a charm for us. > > Ed >> On Dec 14, 2016, at 1:16 AM, Elardus Engelbrecht >> <[email protected]> wrote: >> >> Jesse Robinson wrote: >> >>> And once you have all protections in place, remember that someone has to >>> have the key to master catalog. Whoever that is--including you--may >>> occasionally get caught by a missing alias. At every shop I've worked in, >>> userids are defined and managed by a non-sysprog department. If they set up >>> a new user, especially a new sysprog, a missing alias may be caught only >>> after many data sets have gone to master catalog. So it pays to check now >>> and again even with all recommended protections set up.
>> I didn’t say it was perfect solution but that it worked. BTW we used ALTER >> (IDCAMS) to put the password on. This is a quick and dirty way of doing it. Ed >> Good catch! I agree 1000000% with you. >> >> I would check every day, not now and again, that everything is in order. >> >> Just do daily audit on MCAT with event=access and intent = update or higher >> and outcome = success and failure. >> >> >> retired mainframer wrote: >> >>> In addition to protecting the master catalog, you should prohibit HLQs for >>> which there is not a group or user profile. Then make it part of your >>> procedures whenever a new user or group is created to simultaneously create >>> the catalog alias. >> >> Indeed. That will save you gray hairs. >> >> We have formal procedures for that. Say for new TSO ids, a request must go >> to 3 teams: RACF, storage and billing. >> >> Groete / Greetings >> Elardus Engelbrecht >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
