> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Leonard Woren > Sent: Tuesday, September 13, 2005 10:08 PM > To: [email protected] > Subject: Re: RACF Stop/Start? > > > On Tue, Sep 13, 2005 at 02:24:59PM -0500, McKown, John > ([EMAIL PROTECTED]) wrote: > > Your auditor is likely used to an ACF2 or TopSecret shop. > If the ACF2 or > > TSS started task is not running, then your security system > is down and > > things are nasty (I've done that too, I'm old and made many mistakes > > over the years). RACF does not have this vulnerability. > > Seriously, that's a feature, not a "vulnerability". Trying to fix > things when your RACF db is broken is damn near impossible. Trying > to fix things when your ACF2 db is broken is just really aggravating. > There's a 2 orders of magnitude difference there. > > Caveat: The above is based on my experience with having been in both > situations, but long ago. However, I have not heard anything since > which would lead me to believe that anything has changed. > > With ACF2, you can stop the address space, fix the db, restart the > address space and you're running normally again. Can this be done > with RACF? With ACF2, you can stop it and restart immediately > pointing to an alternate db with a different name on a different > volume. Can you do this with RACF? > > > /Leonard
I did that. I've destroyed both an ACF2 database and a RACF database. Clever, aren't I? The ACF2 problem was like 20 years ago and was not too difficult to repair. Just a pain to reply to all the WTOR messages (no automation way back then at that shop). The RACF disaster was about 2 months ago. If I had not had a backup RACF database (only 1 day old), and no alternate system (I had both), it would have been a SEV 1 to recover. But with an alternate RACF database, it was a simple RVARY command to switch to the valid (but slightly out of date) RACF db. I may be the RACF "person" here, but I am woefully ignorant of it. And I don't really have time to learn. Not to mention bureaucratic inertia. And the "mainframe is not worth the time" attitude. -- John McKown Senior Systems Programmer UICI Insurance Center Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its' content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
