On Mon, Feb 25, 2008 at 2:08 PM, Dave Kopischke <[EMAIL PROTECTED]> wrote: > On Sat, 23 Feb 2008 10:07:24 -0600, Walt Farrell wrote: > > > >One could argue that letting you determine your access to resources without > >actually trying to use them (and thus without causing audit records) is a > > >form of hacking. You're looking around trying to figure out what you can > >do, rather than simply doing your job. > > > > We have a JCL checker application that verifies dataset access for a JOB. > Through routine use of this product, we end up with thousands of access > warnings on our daily RACF reports. This is not a hacking attempt. If there > were hacking attempts occuring, it would be tough to see them through the > noise though. > > I'm going to try to see if I can have this product changed to use a > non-logged > access check. > Another legitimate (IMO) use of this sort of function is a to automatically convert an ISPF Edit request to View in the event that the user does not have UPDATE access to the requested data set. This helps to reduce accidental violations.
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
