On 9/22/2006 10:54 AM, Chase, John wrote:
-----Original Message-----
From: IBM Mainframe Discussion List On Behalf Of R.S.
Chase, John wrote:
Is there documented anywhere the "recommended" RACF access
characteristics of the SYS1.BRODCAST data set? [ snip ]
It is documented in SAG (RACF Security Admin. Guide)
Appendix: Security for System Data Sets.
However the recommendation has changed. Now (z/OS 1.7) it is READ.
I suspect the change is because of application changes - you
can define "personal" BRODCAST datasets.
Thanks. I see it is UACC(READ) in the z/OS 1.5 SAG as well.
In fact, as far as I know, since TSO/E implemented its B1 support in
about 1990, on systems protected by RACF users should not need any
access to SYS1.BRODCAST if they are just using LISTBC or SEND. Those
commands run authorized and bypass security when OPENing the system
broadcast data set or an individual user log data set.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
