This is what lead to the discussion of how to flag an important issue:
--------------
I stumbled upon APAR OA14006 which documents new restrictions for
sharing
RACF databases in non-data sharing mode when systems are in AIM stage
1 or
higher. Let me quote from the APAR text:
Note: If your database is at application identity mapping (AIM)
level 1 or higher, all systems that update the OMVS segment of
USER or GROUP profiles, update the ALIAS segment of general
resource profiles (for example, any SERVAUTH class profile),
or run RACF utilities, must use GRS, must be in the same GRS
complex, and must be at OS/390 release 10 or any z/OS release.
Adding or deleting a profile that has any of these segments,
altering these segments or running RACF utilities from a system
outside this GRS complex may result in incorrect results and/or
database corruption. To prevent database sharing errors, it may
be useful to use RACF Program Control to restrict access to all
RACF commands that can update these segments to make sure they
cannot be used from systems outside a single GRS complex.
This design which was not documented before OA14006 was closed in
December
2005, inhibits a method of operation which has been used by a large
number
of RACF customers for decades. Any comments?
--
Ulrich Boche
------------------
Ed
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
