> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[EMAIL PROTECTED] On Behalf Of Randy Harris > Sent: Wednesday, December 06, 2006 9:03 AM > To: [email protected] > Subject: restricting use of iebupdte > > > Good Day, > > Does anyone know how IEBUPDTE can be locked down with the use of RACF? > > I have certain users that I do not want to allow to use IEBUPDTE. > > I have added IEBUPDTE to the general resource profiles in > class PROGRAM. > > I then gave access to the users that I want to have access. > > It doesn't seem to make any difference. > > Thanks,
The only real way, and it is not very effective, is to REMOVE the program from SYS1.LINKLIB and put it into another library. This second library must have UACC of NONE and only READ access to restricted users. This assumes that you can trust those users to not copy it into yet another library. IEBUPDTE is not APF authorized. In my not-so-humble opinion, this is silly. Secure the datasets, not the programs. The only programs which may need securing would be ones which are APF authorized. APF authorized program __may__ bypass RACF. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology This message (including any attachments) contains confidential information intended for a specific individual and purpose, and its content is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this transmission, or taking any action based on it, is strictly prohibited. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
