On Fri, 22 Jun 2007 10:46:48 -0300, Mautalen Juan Guillermo <[EMAIL PROTECTED]> wrote:
>Mark: > >The RACF AUDITOR attribute is more than a READONLY ability. A RACF user >holding the AUDITOR attribute at system level can change any AUDIT >setting, both at SETROPTS and PROFILES levels. And those changes can be >dangerous. He can, for instance, turn on an audit option that floods >your SMF datasets, or turn off auditing options for sensible resources >causing an audit hole. Yes, I am aware of that. That wasn't the point of my post, so I didn't include that information. But that is part of the reason it takes a signoff each year from management for our auditors. > >AFAIK, IBM has received requirements for a READONLY attribute (same as >AUDITOR, but lacking the ability to make ANY change to AUDIT options), >but i do not know whether it will be implemented or not. > That would be nice. The ACF2 auditor attribute is like that. Top Secret doesn't even have a "auditor" attribute, but you can set up something similar. Mark -- Mark Zelden Sr. Software and Systems Architect - z/OS Team Lead Zurich North America / Farmers Insurance Group: G-ITO mailto:[EMAIL PROTECTED] z/OS and OS390 expert at http://searchDataCenter.com/ateExperts/ Systems Programming expert at http://expertanswercenter.techtarget.com/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
