Bruce Black wrote:
Again, misunderstanding. NO!
I said (or wanted to say) something different:
At most READ to every DATASET profile covering the datasets on the
volume, *plus* less than ALTER to relevant DASDVOL profile.
In other words, it is not enough to have READ or less to dataset
profiles. Not enough in terms of readonly access.
Most users will not have DASDVOL authority of any kind; if DASDVOL
profiles exist at a shop, authority is usually llimited to storage
administrators who must do volume maintenance or backups. So granting
only READ authority to datasets on a volume will make it practically
read-only.
In my limited experience, it is not uncommon to forget about DASDVOL
class and its purpose. Among other things that meant "ICKDSF for
everyone". Of course it's just mistake.
Last but not least: we talk about all things needed to achive something,
not "popular things".
However, if I recall my RACF correctly, it is not easy to make datasets
read-access by volume. Generic profiles are by dataset name, and I
think you need discrete profiles to create authority by volser (I could
be wrong, not my expertise).
Anyways, I don't think RACF is a good way to try and make a volume
read-only, but you can come pretty close with just DASDSET profiles, IMHO.
Generic profiles can or cannot be used, it depends. However discrete
profiles surely can be used, for sure some simple tool should be used to
create the profiles automatically. DCOLLECT + some REXX + 2-3 hours
would be enough.
BTW, I believe that some disk vendors have ways of marking a disk
read-only, but it may not be documented..
In fact, RACF will never give you 100% confidence. Started tasks with
PROTECTED or TRUSTED attribute don't care about RACF profiles, there is
PPT, authorized code, etc.
Hardware feature is the only effective way.
BTW: Why to bother on R/O volume at all ?
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
