Agree 100 % These are tools and facilities ... not resources as such. I remember we near spent few hundred thousand euros for a product,onto a non mainframe platform because someone years ago had decided that FTP was not to be used by anybody else than the system people. Luckily because the new project was costing so much we ( I) were involved in finding out what was the problem. The problem was simply that IND$FILE could not complete the numerous needed transfers in a single night. So we gave them what they needed and they had their files in a few minutes. We got their eternal thanks ( they had been suffering for years )
Bruno Sugliani zxnetconsult(at)free(dot)fr http://zxnetconsult.free.fr On Thu, 7 May 2009 11:18:02 +0200, R.S. <[email protected]> wrote: >Does your storage admin have access to COBOL compiler and binder? >Is IDCAMS protected as ADRDSSU? IEBCOPY? > >Programs are TOOLS. The holy rule of security says: Protect RESOURCES, >not the tools. >Programmer can or cannot use ADRDSSU. I can or cannot use COBOL >(whatever) compiler. Is it dangerous to have the access to the compiler? >ADRDSSU (with ADMIN disabled, which is default)) is no more powerful >than IEBGENER or binder. It doesn't circumvent any security rule. >It can be useful for the person who know how to use it and useless to >others. However this is not the reason to deny access to that. > >We discuss DSS, however the same problem is with many other utilities, >for example ftp, OMVS segment at all to mention a few. >IMHO the only problem it could generate is caused by lack of skills in >administration staff. If you cannot configure ftp then denying it is >safe. as well as powering off the machine. > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
