Barbara, Rocket Software partnered with IBM to enhance SDSF a couple of years ago - the initial result of this work was the SDSFAUX server and the new commands in SPEs for 2.1 and 2.2.
SDSF users should only see menu options enabled for commands that they have ISFCMD SAF authority to; this has not changed in SDSF 2.3. Access to ISF.CONNECT only allows the user to use SDSF server provided facilities; it does not grant access to any command and it does not override ISFCMD SAF authority. The access check to ISF.CONNECT was introduced in the SPE that introduced the SDSFAUX server, however "where" the check was made has changed in SDSF 2.3.

You are correct in that the meaning of "SDSF Server" really means both the SDSF and SDSFAUX address spaces in z/OS 2.3. As stated in another reply, I am working to get the migration documentation updated.

Rob

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Barbara Nitz
Sent: Thursday, July 5, 2018 6:55 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: ISF.CONNECT.*

I am curious: Why is Rocket Software defending missing SDSF actions and bad documentation??? Has IBM 'outsourced' the SDSFAUX server?

I am annoyed with the ISFTABL thing (which we addressed in our logon procedure), too, because that message was irritating all of us. The ISF.CONNECT thing is much more irritating: When you customize SDSF, quite clearly the users only saw the functions they were entitled to use. That was true up to z/OS 2.1. (Can't speak for 2.2 since we went straight to 2.3.) I feel strongly that issuing the ICH408I for *every* user is not an RFE thing, it is a blatant error since we do NOT get ICH408I for all the other functions that the users are not entitled to. Besides, the message is bogus, since the not privileged users all can work and do the same things that they always could.

Rob, in case you are not aware: From a RACF point of view, users should ONLY see what they have to see. That is not only corporate mandate where I work, it is also a general principle that all banks in Germany are forced to obey.
So needlessly allowing users to see/access things that they cannot use because the RACF test for ISF.CONNECT does not follow SDSF standards is against all usual practices. We have taken more than our share of calls because of that.

Since you cited the SDSF customization Guide: I went through it. And the wording 'SDSF SERVER' isn't clear at all, because that encompasses both the SDSF address space itself *and* SDSFAUX. The rest of the occurrences for that profile name are all as a second mandatory access right when some function located in SDSFAUX is used. That is also the way the PTFs I installed in 2.1 (that gave us SDSFAUX) worked.

Given the reaction here (and since this is obviously a Rocket Software thing), I will not waste my time opening an RFE. I will just define that profile and then tell the auditors to take this up with IBM by showing the documentation.

Barbara

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN