Re: Auditing/Logging of DSFS activities

2025-07-11 Thread Robert S. Hansel
. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Thu, 10 Jul 2025 01:56:02 -0500 From:Roger Lowe Subject: Auditing/Logging of DSFS activities Trying to find a w

Re: setting up user and operator commands.

2025-07-03 Thread Robert S. Hansel
ontrol as discussed above. If a user deviates from using their own ID as the prefix, then perhaps restrict what they can choose. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message-

Re: setting up user and operator commands.

2025-07-02 Thread Robert S. Hansel
k it wise to create MVS.MCSOPER.mcs/smcs-console-name profiles with no permissions so they can't be specified as their use may cause confusion. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original M

Re: setting up user and operator commands.

2025-06-30 Thread Robert S. Hansel
es without having to have an OPERPARM segment, including an AUTH setting. To use this operand, you need READ access to TSOAUTH resource CONOPER. There are no restrictions on what attributes you specify. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linke

Re: STC Userids

2025-06-12 Thread Robert S. Hansel
batch IDs. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Wed, 11 Jun 2025 09:05:33 -0400 From:Roberto Halais Subject: STC Userids I would like some feedback on

Re: Enabling the KDFAES encryption algorithm for the RACF Database

2025-04-28 Thread Robert S. Hansel
used ALTUSER PWCONVERT to immediately convert all passwords to KDFAES encryption. This does not, however, convert password phrases. The fallback is to activate the IRRUT200 backup that should have been taken immediately prior to this event, which we've never had to do. Regards, Bob Robert S. H

Re: Enabling the KDFAES encryption algorithm for the RACF Database

2025-04-26 Thread Robert S. Hansel
g a system maintenance period. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.comm -Original Message- Date:Fri, 25 Apr 2025 19:11:31 + From:Jasi Grewal Subject: Enabling the KDFAES encryption alg

Re: RACF vs ISPF and controlled environment

2025-03-26 Thread Robert S. Hansel
access, which is all but impossible in an ISPF environment because so many different programs may be executed. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Tue, 25

Re: RACF and pathnames

2024-11-18 Thread Robert S. Hansel
names specified. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Sun, 17 Nov 2024 12:21:27 -0600 From:Paul Gilmartin Subject: RAC

Re: Suppressing a Very Specific Instance of ICH408I

2024-11-09 Thread Robert S. Hansel
he chaudit command to change the bits. For example, to remove failures auditing for execute/search, enter "chaudit x-f directory-name". To change the Owner audit bits if you are not the Owner, you must be Superuser. To change the Auditor bits, you must have RACF AUDITOR authority. Re

Re: Iin Defense of FTP. FUD rules

2024-09-28 Thread Robert S. Hansel
controlling the use of the JES-FTP interface. SERVAUTH EZB.FTP.sysname.ftpdaemonname.ACCESS.JES Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com

Re: help with REXX code reading RACF LU function

2024-09-09 Thread Robert S. Hansel
Hi Lizette, Why not use the RACF database unload IRRDBU00 output instead? Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Sun

Re: AOPSTOP

2024-07-25 Thread Robert S. Hansel
aopstop via this group. I recommend aopsetup be rerun with the proper groups specified. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message

Re: TSO PREFIX change

2024-06-26 Thread Robert S. Hansel
Hi Juan, I've typically seen this done in TSO logon PROCs that execute a CLIST or REXX program that executes the PROFILE command to automatically reset the PREFIX for the user during each logon. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialis

Re: Data Set Commander Monitor (DSCMON) Access Authority

2024-06-26 Thread Robert S. Hansel
batch jobs to execute. Most installations do not generate daily/weekly reports on undefined users, so they go unnoticed unless the lack of an ID causes a security violation. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969

Re: Data Set Commander Monitor (DSCMON) Access Authority

2024-06-24 Thread Robert S. Hansel
Hi Mike, (replying on both RACF-L and IBM-MAIN) I misunderstood what you were proposing in your initial reply on IBM-MAIN. I thought you were advocating setting default access of NONE on all Linklist libraries. I now understand you are advocating setting default access to READ, which I gene

Re: Data Set Commander Monitor (DSCMON) Access Authority

2024-06-22 Thread Robert S. Hansel
Hi Mike, Did you mean to say UACC(NONE) at the end of your second sentence? This isn't a 'best practice' I've heard of or necessarily agree with. At best, it would be a low priority and evaluated on a case-by-case basis. As you no doubt know, all the programs in the Linklist are available to ev

Re: Data Set Commander Monitor (DSCMON) Access Authority

2024-06-22 Thread Robert S. Hansel
ric to standards. > > > > ____________ > From: IBM Mainframe Discussion List on behalf of > Robert S. Hansel > Sent: Friday, June 21, 2024 7:50 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Data Set Commander Monitor (DSCMON) Access Authority >

Data Set Commander Monitor (DSCMON) Access Authority

2024-06-21 Thread Robert S. Hansel
your replies. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.

Re: SDSF and z/OS V2.5

2024-06-18 Thread Robert S. Hansel
statement parameter AUXSAF. See presentation above for details. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com

Re: RACF permission to INETD OTELNET port?

2024-06-18 Thread Robert S. Hansel
gards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Mon, 17 Jun 2024 15:28:13 -0500 From:Stuart Holland Subject: Re: RACF permissio

Re: RACF/DB2 Search Question?

2024-04-04 Thread Robert S. Hansel
. Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com Upcoming RSH RACF Training - WebEx

Re: RACF, external password management

2024-03-01 Thread Robert S. Hansel
your resource managers processing logons can handle special characters. Longer term solution is MFA. I recommend you contact the authors of this regulation and ask them to provide you with the list of common passwords they expect you to disallow. Regards, Bob Robert S. Hansel

Re: RACF, external password management

2024-02-29 Thread Robert S. Hansel
Hi Linda, How do you define "common password"? Regards, Bob Robert S. Hansel 2024 IBM Champion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Wed, 28 Feb 2024 15:3

ISVs - Statements of z/OS System Integrity

2024-02-03 Thread Robert S. Hansel
t and can you provide its URL? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -- For IBM-MAIN subscribe / signoff / archive a

Re: Racf Userid

2024-01-11 Thread Robert S. Hansel (RSH)
rmation, try adding the UAUDIT attribute to the ID to record all its access activity. This activity might provide some clues as to how and from where the ID is being used. If you have zSecure Access Monitor, it can also provide helpful access activity information. Regards, Bob Robert S. Hansel Lead

Re: zOSMF install - SDSF ISFPRMxx

2023-12-08 Thread Robert S. Hansel (RSH)
Hi Peter, You might also find my presentation on SDSF and RACF helpful, which I just posted on my website. https://www.rshconsulting.com/RSHpres/RSH_Consulting__SDSF_and_RACF__November_2023.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211

Re: RACROUTE REQUEST=AUTH problem

2023-11-30 Thread Robert S. Hansel (RSH)
ronment is running. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message- Date:Wed, 29 Nov 2023 16:18:49 + From:Rob Scott Subject: Re: RACROUTE REQUEST=AUTH problem Ye

Re: RACF ICH408I messages

2023-10-05 Thread Robert S. Hansel (RSH)
ring_&_Reporting__May_2019.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com Upcoming RSH RACF Training - WebEx - RAC

Re: XCFAS and TRUSTED

2023-08-21 Thread Robert S. Hansel (RSH)
PRIVILEGED or TRUSTED for any tasks but relented once I learned of this for the sake of system availability. I now warn clients whenever I discover any of these tasks running without TRUSTED. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in

Re: XCFAS and TRUSTED

2023-08-20 Thread Robert S. Hansel (RSH)
https://www.ibm.com/docs/en/zos/2.5.0?topic=management-requirements-participating-in-automatic-restart What healthcheck reported the issue? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.rshconsulting.com -Original Message-

Re: eliminate use of id(0)

2023-04-12 Thread Robert S. Hansel (RSH)
Hi Colin, What is the product? If you share this, perhaps someone who is familiar with the product and may have already addressed this issue can respond. Ask the vendor if access to FACILITY BPX or UNIXPRIV resources could be used in lieu of Superuser authority. Regards, Bob Robert S. Hansel

Re: RACF - SDSF question

2023-02-08 Thread Robert S. Hansel (RSH)
ULOG. ULOG will show you all the access checks SDSF is making along with the results of each of these checks. SECTRACE is a phenomenal diagnostic tool that we use often. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 30th Ann

Re: RACF - SDSF question

2023-02-08 Thread Robert S. Hansel (RSH)
Ed, What you suggest only applies to DATASET profiles. With General Resource profiles such as those for OPERCMDS, the profile is always Discrete if fully spelled out and Generic only if it has masking characters. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc

Re: rexx and IDCAMS functions

2022-08-17 Thread Robert S. Hansel (RSH)
Hi Lizette, What, if any, ICH408I messages do you see in SYSLOG? Do you have the necessary FACILITY STGADMIN profile permissions to perform these functions? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 30th Anniversary *** 617-969-8211

Re: Superuser (su) in batch

2022-08-12 Thread Robert S. Hansel (RSH)
//SYSINDD DUMMY //SYSTSPRT DD SYSOUT=* //SYSTSIN DD * PROF MSGID WTPMSG OSHELL echo id | su OSHELL print 'id' | su Regar

Re: SDSF & TSS (RACF)

2022-05-25 Thread Robert S. Hansel (RSH)
Hi Mark, The option prevents all the violations when you 's' select the entire job. It won't help when you select the job with ? and then select individual SYSOUTs. For the latter, it is WAD. Regards, Bob Robert S. Hansel 35 years of RACF Experience Lead RACF

FW: SDSF & TSS (RACF)

2022-05-25 Thread Robert S. Hansel (RSH)
Mark, I'm surprised it didn't work. Did you code a CUSTOM(proplist) parameter in _all_ your GROUP statements that points to the PROPLIST NAME(proplist) statement with the PROPERTY parameter? And did you refresh the ISFPARMS in all the SDSF servers? Regards, Bob Robert

Re: SDSF & TSS (RACF)

2022-05-24 Thread Robert S. Hansel (RSH)
July 2008 issue of our RACF Tips newsletter. https://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__July_2008.pdf Regards, Bob Robert S. Hansel 35 years of RACF Experience Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.t

Re: SAF without an ESM

2022-05-05 Thread Robert S. Hansel (RSH)
ccess authorization check. I've only come across one installation that had an exit to do just what you suggest. Regards, Bob Robert S. Hansel 35 years of RACF Experience Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.co

Re: What is the audit basis to prevent read access to z/OS PARMLIB's?

2022-02-05 Thread Robert S. Hansel (RSH)
don't provide it, or at least monitor activity to discover who is checking you out. Why make it easy for someone to probe your system undetected? The STIG and the RACF SAG should both be amended to indicate the PARMLIB concatenation, not just SYS1.PARMLIB. Regards, Bob Robert S. Hansel

Re: Having some challenges with a SORT Utility

2022-01-20 Thread Robert S. Hansel (RSH)
report you are looking for without having to write a single line of code. I suggest you contact your RACF Admin team to ask them about the availability of an IRRDBU00 unload and zSecure. Regards, Bob Robert S. Hansel 35 years of RACF Experience Lead RACF Specialist

Re: Change password

2022-01-13 Thread Robert S. Hansel (RSH)
Gadi, Use of the operand REVOKE(date) requires SPECIAL. It might work if the user executing the ALTUSER command is the owner of the user profile (e.g., ). Regards, Bob Robert S. Hansel 35 years of RACF Experience Lead RACF Specialist 2021 #IBMChampion RSH

Re: LDAP confusion with security settings

2021-07-10 Thread Robert S. Hansel (RSH)
ograms? My extreme SWAG is that it is being used to handle password expiration and password changes. Regards, Bob Robert S. Hansel 2021 #IBMChampion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshcons

Re: Unix Permissions Display Question

2021-07-03 Thread Robert S. Hansel (RSH)
, Bob Robert S. Hansel 2021 #IBMChampion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com --- Upcoming RSH RACF Tra

Re: z14 HMC log information

2021-03-25 Thread Robert S. Hansel (RSH)
m/racftips/RSH_Consulting__RACF_Tips__January_2013.pdf Regards, Bob Robert S. Hansel 2021 #IBMChampion Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshcons

Re: SMF Type65 - Determine who Deleted the Dataset

2021-01-01 Thread Robert S. Hansel (RSH)
Hi Jasi, You would most likely only see a RACF SMF DELRES event record for the deletion if the DATASET class is included in SETROPTS AUDIT set of classes. If DATASET is set for AUDIT, be sure your RACFRW command specifies EVENT ALLSVC. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH

Re: RACF and ICHDEX01 Exit

2020-08-11 Thread Robert S. Hansel (RSH)
sting masked passwords to DES using PWDCOPY. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com --- Upcoming RSH

Re: SMF record

2020-07-14 Thread Robert S. Hansel (RSH)
. If JESINPUT and JESJOBS are active, look at associated Access Monitor records as they may provide further details. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsultin

Re: Confirm or deny existence of old masking password?

2020-07-11 Thread Robert S. Hansel (RSH)
it without a password. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com --- Upcoming RSH RACF Training - WebEx

Re: JESSPOOL

2020-03-13 Thread Robert S. Hansel (RSH)
ete output. Then, assuming they specified ON, have the user execute the ULOG command to see the RACF calls and their results. This assumes the user has authority to use ULOG - SDSF class resource ISFCMD.ODSP.ULOG.jesname or the ISFPARMS equivalent. Regards, Bob Robert S. Hansel Lead RACF Spec

Re: Restrict users to Purge Jobs in TSO

2020-02-19 Thread Robert S. Hansel (RSH)
SOLE ** UACC(READ) <- Optionally add AUDIT(ALL) for future remediation SETROPTS CLASSACT(CONSOLE) SETROPTS RACLIST(CONSOLE) <- Optional, but recommended for performance Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/ro

Re: Rexx or similar to clone a RACF user?

2020-01-28 Thread Robert S. Hansel (RSH)
Ituriel, Very clever. However, I recommend using the 0203 record for group connections instead of the 0102 record. If the user is connected to a UNIVERSAL group, there won't be a 0102 record unless the user has an authority greater than USE. Regards, Bob Robert S. Hansel Lead RACF Speci

Re: RACEOUTE REQUEST=RESUME ?

2019-12-18 Thread Robert S. Hansel (RSH)
Paul, Is there a reason this has to be done in Assembler? Using TSO batch, you could simply execute command: ALTUSER userid RESUME Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF

Re: Tracing RACF?

2019-10-02 Thread Robert S. Hansel (RSH)
Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com -Original Message- Date:Tue, 1 Oct 2019 11:10:21 +0100 From:Sean Gleann Subject: Re: Tracing RACF? Joao: yes, I

Re: Tracing RACF?

2019-09-26 Thread Robert S. Hansel (RSH)
to match the access granted by corresponding GAT entries. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com -Original Message- Date:Wed, 25 Sep 2019 14:33:40 + From

RSH Consulting - RACF Survey - June 2019 - Performance - ERV

2019-07-21 Thread Robert S. Hansel (RSH)
f our survey have been posted to our website. Go to the "RACF Center" webpage, click on "RSH RACF Surveys", and then click on the survey link itself. Many thanks to the 39 individuals who participated. www.rshconsulting.com Regards, Bob Robert S. Hansel Lead RACF Specialist RSH

Re: Can backup mechanisms be used to steal RACF database? was Re: mainframe hacking "success stories"?

2019-05-14 Thread Robert S. Hansel (RSH)
Clark, The answer to your original question is 'yes'. With regard to FDR, see the following article in our RACF Tips newsletter. https://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__January_2008.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, In

Re: Dancing around RMM

2018-12-21 Thread Robert S. Hansel (RSH)
Skip, Rather than trying to read the tapes, since you are discarding them, use EDGINERS to erase them. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel www.twitter.com/RSH_RACF www.rshconsulting.com -Original Message

Re: Strange JES2 SPOOL Offload issue

2018-09-14 Thread Robert S. Hansel (RSH)
Todd, In RACF, if the WRITER class is active, is the UACC set to READ for the profile protecting resource jesname.LOCAL.OFF2.ST, where 'jesname' is the name of your JES subsystem? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linke

Re: Yet Another Mainframe z10 Bites the Dust!

2018-09-14 Thread Robert S. Hansel (RSH)
Todd, Unfortunately, ERASE only works on DASD datasets. It doesn't do tapes, even virtual ones. Clever idea nonetheless. George, Does your tape management product or VTL hardware vendor provide utilities for this task? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting

Re: Filemanager and security

2018-04-17 Thread Robert S. Hansel (RSH)
Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel https://twitter.com/RSH_RACF www.rshconsulting.com -Original Message- Date:Mon, 16 Apr 2018 18:22:32 + From:"Pommier

Re: Filemanager and security

2018-04-13 Thread Robert S. Hansel (RSH)
's equivalent? If it does, have you tried the function with an ID that does not have this access? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel https://twitter.com/RSH

Re: Problem with dataset authorization

2018-03-16 Thread Robert S. Hansel (RSH)
If you are new to RACF some changes require the "in memory" copy to be refreshed before the change takes effect. On Thu, Mar 15, 2018 at 6:05 AM, Robert S. Hansel (RSH) < r.han...@rshconsulting.com> wrote: > Hi Ron, > > Here are a couple of thoughts. > > When you c

Re: Problem with dataset authorization

2018-03-15 Thread Robert S. Hansel (RSH)
erent RACF database than the one where you created the profile? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel https://twitter.com/RSH_RACF www.rshcons

Re: Health Check JES_NJE_SECURITY

2018-03-02 Thread Robert S. Hansel (RSH)
recommend you define &RACLNDE in each of your RACF databases and in each such profile include only the nodes for the systems sharing that particular database. Do so even on standalone systems or Multi-Access Spool configurations. This will facilitate spool reloads. Regards, Bob Robert S. Ha

Re: How to find what performed an OMVS unmount?

2017-12-29 Thread Robert S. Hansel (RSH)
udit class FSOBJ. Use caution in auditing Unix events because of the potential high volume of SMF records. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_

Re: How to find what performed an OMVS unmount?

2017-12-28 Thread Robert S. Hansel (RSH)
ges do not exclude 80 records, you are correct that they are being collected. Also look for SUBSYS settings that might be excluding them for certain subsystems. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 61

Re: How to find what performed an OMVS unmount?

2017-12-22 Thread Robert S. Hansel (RSH)
, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com -Original Message- Date:Tue, 19 Dec 2017 18:10:10 -0600 From:Peter Ten

Re: IBM-MAIN Digest - 18 Dec 2017 to 19 Dec 2017 (#2017-353)

2017-12-21 Thread Robert S. Hansel (RSH)
Peter, If this is a RACF protected system and depending on what audit settings were in effect, you might see an SMF 80 record for the unmount. The event code is 55. If you have SMF unload records available, look for event UMNTFSYS. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH

Re: DFSORT: RACFICE query - how to extract all commands containing some text value

2017-12-14 Thread Robert S. Hansel (RSH)
it on our "RACF Center" webpage along with other useful RACF information. http://www.rshconsulting.com/racfres.htm Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel http://

Re: Finding OMVS Files with Owner IDs for Deleted Owners?

2017-12-03 Thread Robert S. Hansel (RSH)
or IRRHFSU for the entire file system with a USERID having the UAUDIT attribute. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rs

Re: Batch TSO command (ADDUSER) tracing and diagnostics

2017-10-27 Thread Robert S. Hansel (RSH)
using to create IDs? What if any segments is it creating along with the ID? There may be other pre-command checks we can recommend. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. *** Celebrating our 25th Year *** 617-969-8211 www.linkedin.com/in/roberthansel

Re: RACF Database

2017-05-25 Thread Robert S. Hansel (RSH)
le or you want to exclude groups or users from a Group-SPECIAL administrator's scope-of-groups. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.co

Re: RACF Database

2017-05-24 Thread Robert S. Hansel (RSH)
Hi Skip, Point of clarification. IRRDBU00 no longer required UPDATE access with NOLOCKINPUT as of z/OS 2.2. Regards, Bob -Original Message- From: Robert S. Hansel (RSH) [mailto:r.han...@rshconsulting.com] Sent: Wednesday, May 24, 2017 6:07 AM To: 'IBM Mainframe Discussion

Re: RACF Database

2017-05-24 Thread Robert S. Hansel (RSH)
the database, and BLKUPD to repair the database. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com -Original Message

Re: RACF Database (was: Sample JCL for file transfer using NJE/TCPIP)

2017-05-24 Thread Robert S. Hansel (RSH)
ompress on any dataset. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com -Original Message- Date:Tue, 23 May

Re: RACF Database (was: Sample JCL for file transfer using NJE/TCPIP)

2017-05-22 Thread Robert S. Hansel (RSH)
st have exactly the same UNIT, SPACE, and DCB characteristics as the source database, including CONTIG. The copy needn't be PSU unless you plan to RVARY SWITCH to it so that it becomes live. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Speci

Issue with SK4T-4949-13 - IBM Online Library: z/OS V2R2 Collection, March 2017

2017-04-26 Thread Robert S. Hansel (RSH)
inconvenient. I'm hoping the IBMers monitoring this list will take note and have this rectified. I complained through the website, but got no response. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969

Re: Erase on Scratch

2017-04-22 Thread Robert S. Hansel (RSH)
n the performance of ERASE in z/OS 2.1 and 2.2. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsultin

Re: RACF TEMPDSN improvement with the zOS 1.13

2017-04-19 Thread Robert S. Hansel (RSH)
following scenario: 1. The job or user allocates a temporary data set. 2. You activate the TEMPDSN class. 3. The job or user opens the data set. 4. Because activating the TEMPDSN class restricts the authority to open a temporary data set, the user or job receives an abend. (end-quote) Regards, Bob

Re: RACF Non-expiring passwords

2017-03-21 Thread Robert S. Hansel (RSH)
nd verify it is the correct source for these logons. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rs

Re: Problem Generating CA-7 SASSBSTR Batch LJOB Output

2017-03-09 Thread Robert S. Hansel (RSH)
y BTI reads your BATCHO#n (which is empty) and writes its contents to SYSPRINT. Jeffrey Holst On Tue, 7 Mar 2017 14:14:37 -0500, Robert S. Hansel (RSH) wrote: >Greetings all, > >I was able to get SASSBSTR running successfully, but in the process may have >discovered a bug in the pr

Re: Problem Generating CA-7 SASSBSTR Batch LJOB Output

2017-03-07 Thread Robert S. Hansel (RSH)
use the ones in CA7's configuration, I get output as expected. Yet, the job runs successfully with RC=0 in both cases, and there are no error messages of any sort. Thank you to all who offered suggestions and advice. Regards, Bob Robert S. Hansel *** Celebrating 30 years workin

Problem Generating CA-7 SASSBSTR Batch LJOB Output

2017-03-03 Thread Robert S. Hansel (RSH)
, the output from the LJOB command. I've searched the manuals and cannot figure out how to get the output I desire and was hoping someone could be of assistance. TIA. Regards, Bob Robert S. Hansel *** Celebrating 30 years working with RACF *** Lead RACF Specialist RSH Consulting, In

Re: ICHPWX01 sample problem

2016-09-02 Thread Robert S. Hansel (RSH)
Hi Ed, If you are curious as to what RACF exits installations are using, see our survey of a few years ago. (Beware of line wrap.) http://www.rshconsulting.com/surveys/RSH_Consulting__RACF_Survey_013__Exits.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969

Re: Privileged Users (was: EXTERNAL: Re: [EXTERNAL] Re: smp/e sha-2 support?)

2016-05-18 Thread Robert S. Hansel (RSH)
because it allows a user to look at all profiles and SETROPTS options without changing any audit settings. Just curious, in your 'elevated access' report, do you include users with UID 0 or access to BPX.SUPERUSER? Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, In

Re: OA49446 on RSU1603 - RACF / DFSMS change

2016-04-29 Thread Robert S. Hansel (RSH)
the related dataset. This is going to make protecting sensitive datasets more complicated. I wonder if IBM's Health Check for APF library protection will now include aliases as well. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211

Re: List user's

2016-04-16 Thread Robert S. Hansel (RSH)
to a SIEM product, you may be able to use its capabilities to generate your report. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshcons

Re: How to log or trace BCPII activity on the SE?

2016-03-19 Thread Robert S. Hansel (RSH)
Hi Thomas, Is the FACILITY class RACLISTed on the system where you are having the problem? Look for it in the section titled "SETR RACLIST CLASSES" in the output from a RACF "SETROPTS LIST" command. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consultin

Re: Outsourcing Stories Good or Bad!

2016-02-26 Thread Robert S. Hansel (RSH)
Hi Mark, See the article "Outsource Risk" in the October 2014 edition of our RACF Tips newsletter. http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__October_2014.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linke

Re: [Bulk] Re: [Bulk] UADS (was Re: [Bulk] Re: COBOL v5)

2016-02-17 Thread Robert S. Hansel (RSH)
aking backups or copies of a live RACF database. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com -Original Message- Date:Tue, 16 Feb 2016 21:48:37 +0100 From:

Re: [Bulk] Re: [Bulk] UADS (was Re: [Bulk] Re: COBOL v5)

2016-02-15 Thread Robert S. Hansel (RSH)
"RACF Database Backup" can be found on the RACF Center webpage of our website at the following URL. For those unfamiliar with our website, you'll find lots of other useful RACF information there as well. http://www.rshconsulting.com/racfres.htm Regards, Bob Robert S. Hansel Lead

Re: RACF reporting tool

2015-07-15 Thread Robert S. Hansel (RSH)
Sharon, In addition to the products others have mentioned, also consider EKC's products - www.ekcinc.com Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsultin

Re: OMVS segments created on demand

2015-06-06 Thread Robert S. Hansel (RSH)
ew its JESINTERFACELEVEL configuration parameter and related RACF controls. See our RSH RACF Tips article on this topic: http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2010.pdf Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin

Re: A Total Eclipse of the Spool

2015-04-18 Thread Robert S. Hansel (RSH)
Hi Ed, If you will be using the FTP JES interface, I suggest you review our RACF Tips newsletter article on this topic. http://www.rshconsulting.com/racftips/RSH_Consulting__RACF_Tips__April_2010.pdf Regards, Bob -Original Message- Date:Fri, 17 Apr 2015 01:34:16 -0400 From:Rob

Re: APF-authorized calling non-authorized

2015-03-16 Thread Robert S. Hansel (RSH)
is circa 1984. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshconsulting.com --- 2014-2015 RACF Training - Audit

Re: Has Anyone Seen this in ISPF before?

2014-10-30 Thread Robert S. Hansel (RSH)
content of the profiles. My advice to the OP would be to delete the TSO segment and recreate it just in case there are other problems with the information stored in RACF for this user. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in

Re: Handle RACF abend in LE C

2014-05-11 Thread Robert S. Hansel (RSH)
I messages. You'll either need to define the programs with their associated libraries to RACF or, unless you are specifically trying to create a daemon that needs BPX.SERVER authority, remove your access to the latter. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, In

Re: OMVS UID display

2013-12-15 Thread Robert S. Hansel (RSH)
which your USERID is in the access list? Execute RLIST UNIXMAP U12345 ALL to check. Regards, Bob Robert S. Hansel Lead RACF Specialist RSH Consulting, Inc. 617-969-8211 www.linkedin.com/in/roberthansel http://twitter.com/RSH_RACF www.rshcons
