Re: STGADMIN.ADR.DUMP.TOLERATE.ENQF

[R.S.]

Frank Swarbrick pisze:
STGADMIN.ADR.DUMP.TOLERATE.ENQF is required for a user to use TOLERATE(ENQF) on a DSS 
dump.  What is the security issue this is "protecting" against?  Or is it just 
more of a data integrity issue?

No.
An access to the resource STGADMIN.ADR.DUMP.TOLERATE.ENQF is NOT 
required to use TOL(ENQF). All the 
STGADMIN.ADR.everything-but-second-STGADMIN resources are used to 
*optionally* deny access.

In other words:
STGADMIN.ADR.non-STGADMIN - no profile means access for everyone.
STGADMIN.ADR.STGADMIN.** - no profile means no access.

That's big difference. "Dangerous" functions are denied by default, 
while other functions CAN be denied (controlled) if you wish so.
IMHO it's state of the art usage of RACF profiles.

--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 0000025237
NIP: 526-021-50-88
Wedug stanu na dzie 16.07.2010 r. kapita zakadowy BRE Banku SA (w caoci wpacony) wynosi 168.248.328 zotych. 

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html