On Tue, 28 Apr 2009 14:14:29 -0400, John Kelly wrote:

><snip>
>There's a peculiar tunnel vision on this list.  Remember not all users are
>administrators.
><unsnip>
>
>hence SECURITY. If you can't use ADMIN and don't have READ access to a DSN
>why would the system let you recover/restore it?
>
Follow the thread.  Or at least read the Subject.

The scenario presented is that someone elsewhere has unloaded
a load module library, to which he has proper authority, with
ADRDSSU and transmitted the archive by FTP, carrier pigeon,
whatever, to me here, where I have at least READ authority
on that archive.  It was the intent of the original owner
that I be able to restore it here.  I acknowledge that I
may (probably) need to rename the received data set to match
a profile in which I have WRITE authority.  But why should
the system prevent my doing this based on the assumption that
the local RACF rules can somehow be applied to the sender's
environment?

But I see that there's a practical argument for using some
format other than ADRDSSU, based on Richard Peurifoy's
information that ADRDSSU is not generally available (I hadn't
known that), and on the profound misunderstanding of the
needs of security reflected in the misdesign of ADRDSSU.

But enlighten me further.  Is it widespread practice to
dump secured data sets into unsecured archives, so that
ADRDSSU may be making a futile effort to provide ex-post-
facto security?  As I said earlier, the attempt is doomed
to failure at the hands of anyone who reverse-engineers
ADRDSSU to bypass its security and perform the restore
from the unsecured archive to data set names over which
he has WRITE authority.

Regardless of administrator authority, the restore should
be permitted to any programmer who has READ authority on
the archive and WRITE authority on the restored (not
necessarily original) data set names.

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
