On 27 Nov 2006 07:26:02 -0800, in bit.listserv.ibm-main
(Message-ID:<[EMAIL PROTECTED]>)
[EMAIL PROTECTED] (McArthur, Iain , Resolution)
wrote:
We recently migrated from ACF2 (where the sysprogs had
NONCNCL) to RACF and
are really fed up getting S913 abends when installing
software products from
tape. Every software manufacturer appears to use a
different 'standard'
which isn't even consistent across their own range of
products. Short of
switching off tape dataset protection (which wouldn't go
down well with the
auditors) or creating new data set profiles every time we
install a new
product (which needs Data Security involvement) is there
any easy way round
this problem? I would be interested to know what other
shops do. I tried
searching the archives but couldn't get the right hits.
1. Management, and even auditors, might buy off on an exit
which bypasses the security checks on *foreign* tapes. Or,
perhaps, an exit which does that only when the job is run
by someone in the sysprog group.
2. Since the auditors didn't mind NONCNCL, maybe you should
consider giving the sysprogs RACF OPERATIONS. I don't know
what percentage of vendor tapes that will allow them, but
it's worth a try. If you can get away with giving them
both OPERATIONS and SPECIAL (yeah, right), they'll be able
to read almost anything.
--
I cannot receive mail at the address this was sent from.
To reply directly, send to ar23hur "at" intergate "dot" com
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
