On Tue, 18 Mar 2008 08:49:09 -0500, Rick Fochtman <[EMAIL PROTECTED]> wrote:

>-----------------------<snip>--------------------
>
>>Not that I know of, unless you have one of the ISV RACF admin products like
>>BETA88,  Vanguard, Consul/RACF (purchased by IBM, now Tivoli RACF admin).
>>
>>That is one of the things I always liked about ACF2.  You just copy a userid,
>>or add a new one with the correct UID and everything works.  Every shop
>>I've ever been at (and I've been at a lot - especially when I was consulting),
>>it was always a battle after my userid was added.   A permit here, a permit
>>there and eventually I got everything I needed.
>>
>>
>--------------------<unsnip>---------------------
>Mark, that's why I'm such a strong advocate of the use of user groups in
>RACF. Add the user, connect him to the right groups, and voila, you're done.
>
>And I always put an entry in the GLOBAL DATASET table such that he has
>ALTER access to datasets that start with his own userid.
>

Most shops use groups properly. But the "connecting to the right groups" is 
the part that is the problem.  Some RACF admins have a "template" by job
function or perhaps list an existing user and then connect the new user to
those groups.  But I don't see "all users are created equally" in the same
job function in my experience.

I challenge you or anyone else on this list who can, to get a list of connect
groups for their own userid and several sysprogs with the same job function.
I'll bet you will find differences in many cases.   

The same could happen with ACF2, but in my experience I don't see ACF2
rules being written down to the specific userid level in the UID string.

Mark
--
Mark Zelden
Sr. Software and Systems Architect - z/OS Team Lead
Zurich North America / Farmers Insurance Group - ZFUS G-ITO
mailto:[EMAIL PROTECTED]
z/OS Systems Programming expert at http://expertanswercenter.techtarget.com/
Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html
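
The comparison proposed in the message above, as an added example that is not part of the original post: it reads LISTUSER-style output for several userids with the same job function and reports every group that some of them hold and others lack. The USER= / GROUP= line layout is an assumption about the listing format, and all userids and group names in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample; userids and group names are made up for illustration.
SAMPLE_LU = """\
USER=SYSP01  NAME=CONSTRUCTED ONE  OWNER=SECADM  CREATED=08.001
 DEFAULT-GROUP=SYSPROG  PASSDATE=08.070  PASS-INTERVAL= 30
  GROUP=SYSPROG   AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.001
  GROUP=STCGRP    AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.002
  GROUP=DASDADM   AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.015
USER=SYSP02  NAME=CONSTRUCTED TWO  OWNER=SECADM  CREATED=08.020
 DEFAULT-GROUP=SYSPROG  PASSDATE=08.071  PASS-INTERVAL= 30
  GROUP=SYSPROG   AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.020
  GROUP=STCGRP    AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.020
USER=SYSP03  NAME=CONSTRUCTED THREE  OWNER=SECADM  CREATED=08.040
 DEFAULT-GROUP=SYSPROG  PASSDATE=08.072  PASS-INTERVAL= 30
  GROUP=SYSPROG   AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.040
  GROUP=DASDADM   AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.041
  GROUP=PRODUPD   AUTH=USE      CONNECT-OWNER=SECADM    CONNECT-DATE=08.050
"""

USER_RE = re.compile(r"^\s*USER=(\S+)")
# Anchored at line start, so DEFAULT-GROUP= is not mistaken for a connect.
GROUP_RE = re.compile(r"^\s*GROUP=(\S+)")

def parse_connects(listing):
    """Return {userid: set of connect groups} from the listing text."""
    connects, current = {}, None
    for line in listing.splitlines():
        if m := USER_RE.match(line):
            current = m.group(1)
            connects[current] = set()
        elif current and (m := GROUP_RE.match(line)):
            connects[current].add(m.group(1))
    return connects

def uneven_groups(connects):
    """Return {group: userids NOT connected} for groups held by some but not all."""
    users = set(connects)
    holders = defaultdict(set)
    for user, groups in connects.items():
        for group in groups:
            holders[group].add(user)
    return {g: sorted(users - h) for g, h in sorted(holders.items()) if h != users}

if __name__ == "__main__":
    for group, lacking in uneven_groups(parse_connects(SAMPLE_LU)).items():
        print(f"{group:8} not connected: {', '.join(lacking)}")
```

An empty result means every userid in the listing has the same connect groups; each entry otherwise is a difference to review against the job function.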

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
