On Tue, 26 Feb 2008 08:35:10 -0600, Walt Farrell wrote:

>On Mon, 25 Feb 2008 13:08:53 -0600, Dave Kopischke
><[EMAIL PROTECTED]> wrote:
>
>>On Sat, 23 Feb 2008 10:07:24 -0600, Walt Farrell wrote:
>>
>>>One could argue that letting you determine your access to resources without
>>>actually trying to use them (and thus without causing audit records) is a
>>>form of hacking. You're looking around trying to figure out what you can
>>>do, rather than simply doing your job.
>>>
>>
>>We have a JCL checker application that verifies dataset access for a JOB.
>>Through routine use of this product, we end up with thousands of access
>>warnings on our daily RACF reports. This is not a hacking attempt. If there
>>were hacking attempts occurring, it would be tough to see them through the
>>noise though.
>>
>>I'm going to try to see if I can have this product changed to use a non-logged
>>access check.
>
>That makes sense. Perhaps what you need, though, is a method allowing your
>application developers to run the JCL checking procedure against the proper
>user ID. You could let them put the JCL into a library with a known name,
>for example, and then have them run a program that either:
>(a) issued a command to run an STC to do the check, with the STC running
>under a more appropriate user ID; or
>(b) switched identity to the proper production ID and then submitted the JCL
>Check job.
>

Walt,

This sounds like a better approach, but we've got different combinations of
USER= parameters to match up to dataset requirements within particular JOBs.
I'll have to map this out and see if something like this can be workable.

Thanks !!!!!!!!!!!!

