On 9/12/2005 5:46 AM, Perryman, Brian wrote:
Hi folks
I have some RACF reports that show some users requesting ALTER access to some dataset catalogs, in some cases, even to the master catalog.
What circumstances would cause this? The highest level I would expect on a user catalog would be UPDATE, and on the master catalog I wouldn't expect to see anything but READ..?
Confused..
If you have WARNING specified for the profile that protects a catalog
you will see this.
Catalog processing often checks for ALTER to the catalog before checking
other authorities that would allow an operation, and does so with an
audit specification of LOG=NOFAIL so failures won't show up. However,
if you specify WARNING, then the attempt succeeds, and you get both an
ICH408I message showing the access and an SMF type 80 record. Both the
message and SMF record will indicate that the attempt succeeded due to
WARNING, in this case.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
