Well put, Mr. RS. I can certainly envision this scenario in a large company with segregated roles. Conceptually this looks like various sub-function controls that CEMT has in the CICS world and the STGADMIN profiles in storage management world.
As to why IBM developed this, maybe someone asked for it....... It's easy enough to implement, easy enough to effectively bypass, though large organizations should think this through in case a role based methodology would be helpful in the SMPE staff. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of R.S. Sent: Friday, April 02, 2010 12:27 PM To: [email protected] Subject: Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use W dniu 2010-04-02 16:19, Paul Gilmartin pisze: > On Fri, 2 Apr 2010 10:41:36 +0000, Bob Shannon wrote: > >> We applied the APAR. We protect the SMP data. I'm sort of baffled why IBM felt SAF support was necessary for SMPE. >> > <Grrr> > Me either. And since it's called "integrity", we'll never know. It's a pity. I'd like to know. [...] > What is becoming of the philosophy, "Protect resources; don't restrict > access to tools." > </Grrr> I agree with the rule. However I would imagine the following scenario: multiple rules within SMP/E team. I.e. John can receive the service, but he cannot APPLY, because it's Fred's responsibility. Both need access to datasets. Think about granularity. Of course it's my guess only, but not so wild - see latest SAF changes in ICSF - very reasonable and a (very) little bit similar to those in SMP/E. Last but not least: What's a problem gyus??? Do you want it to work in the old manner? You need to issue 2-3 RACF commands: RDEF FACI GIM.** DATA('I dont like security for SMPE') UACC(A) SETR RACLIST(FACI) REF And voila. Happy Easter -- Radoslaw Skorupka Lodz, Poland -- BRE Bank SA ul. Senatorska 18 00-950 Warszawa www.brebank.pl Sąd Rejonowy dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru Sądowego, nr rejestru przedsiębiorców KRS 0000025237 NIP: 526-021-50-88 Według stanu na dzień 01.01.2009 r. kapitał zakładowy BRE Banku SA (w całości wpłacony) wynosi 118.763.528 złotych. W związku z realizacją warunkowego podwyższenia kapitału zakładowego, na podstawie uchwały XXI WZ z dnia 16 marca 2008r., oraz uchwały XVI NWZ z dnia 27 października 2008r., może ulec podwyższeniu do kwoty 123.763.528 zł. Akcje w podwyższonym kapitale zakładowym BRE Banku SA będą w całości opłacone. ------------------------------------------------------- --------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
