--- On Fri, 5/8/09, Rick Fochtman <[email protected]> wrote:
------------SNIP----------------------------------------------------
> ------------------------------------------<unsnip>--------------------------------
> The whole object of my exercise was to NOT give access to
> APF libraries. Since I had SPECIAL and AUDITOR authority as
> part of my job function, I could do basically anything I
> wanted to do anyway. The object was to keep some of our more
> "experiment-oriented" applications types in line.
>
> -- Rick
> --
> Remember that if you're not the lead dog, the view never
> changes.
I agree with you, Rick. Part of my point was the obvious (tightly control APF
libraries); any systems programmer worth their salt knows that.
Also if they do have access to amaspzap they can get around almost anything, so
I would still restrict that access (along with its aliases).
I also had all libraries in the linklstxx controlled for read and write.
I was somewhat paranoid about security (as should all systems programmers IMO).
I have come into a place and the sysprog practically never talked with the
security people (and vice versa). I always found that between the security
people and the auditor they can really be a help in access issues. I also found
it was in my best interest to be proactive when it came time to create access
rules for libraries. I headed off a LOT of problems which I would have had to
contend with by being so proactive.
Yes, I held back the applications people a little bit, not all of them were
terribly bright and a few times consultants (the bane of my existence) was to
keep them in check. I kept the application people from using languages that
nobody in the company had the slightest idea on how to write let alone debug.
The consultants would leave and let the poor person on call trying to figure
what went wrong in a language they had not a clue on. Our production cycle was
critical to the options exchange opening in the morning and we couldn't be late
or a hefty fine would be imposed.
A while back we had a programmer who for some reason was writing an assembler
program and was using the 3704/3705 assembler. He was just totally beyond his
competency, which was COBOL (he was OK in that). I took access away from the
library and he squawked bloody murder. He ran to the VP of programming and we
had a meeting at which I pointed out that if he was using the 3704/3705 assembler
he probably could not use it in production as everything was supposed to be
amode 31. I also informed him during the meeting that he was using the wrong
assembler. He was sitting there with egg all over his face. The meeting
adjourned and he was practically ridden out of his job the next day. I got a
call the day after from the VP (he was an old friend of mine) and he apologized
for the programmer raising such a ruckus.
BTW the VP used to be a programmer about 15 years before this and he and I got
into an argument about how an assembler instruction worked and he bet me $5
that he was right. I went ahead with the bet and I took the principles of
ops out and read it briefly and it backed what I said was done and I underlined
the pertinent verbiage and handed it to him and he put the book down and got
out his wallet and handed me $5 and I gave it back to him to give to a
political candidate that he was working for and he was happy and I was happy.
Ed
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html