> On Oct 2, 2017, at 3:18 AM, R.S. <[email protected]> wrote: > > > Well, I "was born" long after IBM started using other HLQs, not only SYS1. > And see no problem with that. Including RACF definitions which are really > simple to manage. The "rock solid SYS1 rule" seems to be a little bit > obsolete for last 20 years. > IMHO there are less troubles and surprises when following current IBM rules, > than when trying to change them. > > Regards > -- > Radoslaw Skorupka > Lodz, Poland
To me it was a quick change and it was painless. I don’t have a hardcopy of our sys1 rule. BIIRC we set up to explicitly name the datasets we allowed and anything else was verbotten. We were also a strictly COBOL shop so things like sys1.maclib was off limits. The auditors would not allow us to write rules, so if we were in on Sunday 0300 and a rule had to go in at the same time, the security people were there. Hey if they won’t give me access then the people who can are there along side. In downtown Chicago generally we couldn’t find a restaurant open around then so everybody bought the own coffee and donuts. The security people hated us because of this (I had a good relation to the head of the security group so he didn’t complain), When I had to do some emergency mass changes to production because JES2 didn’t warn us ahead of time (No hold data) the security people were there so I had someone looking over my shoulder for stuff like this, but I did not mind. The installation meeting the next day to explain was always fun. Try explaining ++HOLD to people that could barely understand JCL. I was very proactive and always looked at reports on violations as it probably meant I was going to have to battle a programming supervisor and I loved those battles. Ed ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
