David Andrews wrote:
On Wed, 2006-12-06 at 09:02 -0600, Randy Harris wrote:
Does anyone know how IEBUPDTE can be locked down with the use of RACF?
I have certain users that I do not want to allow to use IEBUPDTE.
I cannot imagine why you would want to do this, or what you intend to
accomplish... but your business and all that. Knock yourself out.
But I will suggest that you simply tell those users not to use IEBUPDTE
-- then fire the first one who does. (After Lot's wife was turned to a
pillar of salt, nobody else looked back, right?)
This is a management issue. You are going through significant effort to
misuse the security system to plug an imaginary hole that can be easily
circumvented. Just tell your employees where the line is, then audit
them.
Better still - tell the auditors.
Let them do the dirty work.
Encourage their paranoia and get them to tell the culprits that using
"restricted" programs is a career limiting option.
Colin, the grumpy old Sysprog.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
