Thompson, Steve wrote:
Having done a few VSE to MVS migrations, let me speak to this at a
conceptual level.
What kind of security risk is it for someone to duplicate a volume with
sensitive data on it? This can be done with FLASHCOPY or physical volume
backup (DSS).
Granted, in a VSE shop, programmers get much more freedom than they do
under MVS.
And just like in the VSE shop, you can access NON-VSAM files as long as
you know the VOLSER where the data is. So a CLIP and a VARY ONLINE and
the data is available.
<snip>
Just to clarify...the data is accessible after a full-volume copy and
relabeling *if* SAF grants the user access to the data, which is
generally done by data set name using either generic or discrete
profiles without regard for the volume label. So within a particular
RACF (or doubtless ACF2 or TopSecret) environment, at least, I do not
understand one would regard this as a risk.
--
John Eells
z/OS Technical Marketing
IBM Poughkeepsie
[email protected]
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
