On Tue, 26 Feb 2008 00:48:34 -0600, Paul Gilmartin wrote: >On Mon, 25 Feb 2008 13:08:53 -0600, Dave Kopischke wrote: >> >>We have a JCL checker application that verifies dataset access for a JOB. >>Through routine use of this product, we end up with thousands of access >>warnings on our daily RACF reports. This is not a hacking attempt. If there >>were hacking attempts occuring, it would be tough to see them through the >>noise though. >> >I wonder that you get "thousands of access warnings ... daily". Are >your programmers commiting so many potential access errors in the course >of coding their JCL? How many programmers does it take to do that? >
When I run a JCL scan under TSO, the product uses my user ID information to evaluate access. If I'm not going to be allowed access, it notes it and logs it even though when the JCL actually runs in production, it will use a different JOB card and different USER parameters. I can change this by coding JCL parameters to mimic production, but if I don't notice it or don't know what the proper parameters are, I get security violations. If it's a large JOB, I get lots of security violations. It's still not a hacking attempt. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
