I've been reviewing our system accesses, and in the process of reviewing
recommendations for protecting ISMF I have come across some information that
doesn't make a lot of sense.  Specifically, I am referring to
recommendations in Chapter 14 of "z/OS V1R8.0 DFSMS Storage Administration
Reference (for DFSMSdfp, DFSMSdss, DFSMShsm)" (SC26-7402-07) that recommend
using RACF Program Control to restrict access to ISMF.  It goes on to
describe how to protect the ISPF programs that reside in SYS1.DGTLLIB.  It
further recommends that SYS1.DGTLLIB be protected by a RACF data set profile
with UACC(NONE) and accessed by users through the system link list to
prevent a user from copying the load modules to another library and renaming
them to bypass RACF program control.

What concerns me is that on our system DGTLLIB is in the system link list,
but is not APF authorized.  It is a standard ISPF application that won't run
APF authorized anyway.  It seems to me that even if you did protect
SYS1.DGTLLIB from unauthorized copying, a user could simply obtain a copy of
the ISMF load modules from some other source outside of our company and
control, bring it in on a thumb drive, FTP it from his workstation to the
mainframe into his own library, and run it from there with no restrictions.
 Thus RACF program control doesn't seem sufficient if nothing else is
protecting the underlying functions.

With this in mind, is there something else protecting us from someone
bypassing RACF program control with an unprotected copy of ISPF?  Do the
STGADMIN.** profiles in the FACILITY class protect the underlying functions?
 If so, does the RACF program control suggestion offer only a redundant
protection?  Or am I missing something else?

Thanks for your help,
Tim

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
