On 6/22/07, J R <[EMAIL PROTECTED]> wrote:
>In the JES2 Init deck, you can specify clear text passwords for RJE lines.
>That is a great reason for specifying UACC(NONE).
That sounds like a great reason for not keeping the JES2
Init deck in PARMLIB.
Yes, indeed. Otherwise someone with an approved need to see the LE
options (or something else) would automatically be able to see your
passwords.
A popular response to my "why do you need that" is people dreaming up
some possible emergency situation that never happened but might occur
some day ("when everyone else is sick and there is a sev 1, so I need
write access on production libraries all the time").
Where technically feasible, I like an approach where exceptional
access can be granted but is audited properly and requires
justification afterwards. If needed a separate RACF userid can be used
(because it is not something you need for your normal work). We found
"logonby" useful to implement this. If needed you could even have a
duty-manager involved in the process to grant accesss to the call-out
person (rather than share this week's operator password on the phone).
Rob
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
