Barbara, Make sure your not missing a volume on the install. There were optional volumes listed on the documentation at IBM
Scott ford www.identityforge.com Tell me and I'll forget; show me and I may remember; involve me and I'll understand. - Chinese Proverb On Jan 3, 2013, at 1:33 AM, ibmmain <[email protected]> wrote: >> In what classes and profiles? You can perhaps consolidate those profiles in >> fewer and more generic profiles if you have time to do that. >> >> (I know you previously said that you are learning to work with RACF) > > I did that. I have about 20 jobs that completely rearrange RACF to something > that is meaningful to me and allows better administration in my opinion. > Just a few examples of the RACF database that comes with ADCD: > CLASS(TSOAUTH): has permits for userids that don't exist in the database: > LWH, TESTER, TESTEG, DSN1SPAS. Not to mention that every userid has its own > permit - no group permits for groups of users. Anywhere, not just in this > class. > CLASS(TSOPROC): still has the DB2 V8 logon proc defined (DBSPROC8) - DB2 V8 > is not delivered in this ADCD anymore. > Userid DB8GRFSH belongs to DB2 V8, which doesn't exist. > A lot of address spaces are missing in the STARTED class - the default > profile ** allows very high access to all system resources. For instance, > there is no profile specifically for DB2 (no matter which release), they all > start on the ** profile. There also are a ton of obsolete profiles in that > class (lots of DCE* asids that don't get started). > There are a lot of nongeneric DB2 dataset profiles from DB2 Version 7, which > don't exist anymore (neither DB2 V7 nor those datasets). > CLASS(DSNR): Again a lot of DB2 V7 and V8 related profiles in addition to V9 > and V10. > Same for class(SERVER). > CLASS(PROGRAM): > RALTER PROGRAM * DELMEM('DSN810.SDSNLOD2') > RALTER PROGRAM * DELMEM('DSN810.SDSNLOAD') > RALTER PROGRAM * DELMEM('DSN810.SDSNEXIT') > RALTER PROGRAM * DELMEM('DSN710.SDSNLOD2') > RALTER PROGRAM * DELMEM('DSN710.SDSNLOAD') > RALTER PROGRAM * DELMEM('DSN710.SDSNEXIT') > RALTER PROGRAM * DELMEM('WAS401.SBBOLOAD') > RALTER PROGRAM * DELMEM('BBO401.SBBOLOAD') > None of those data sets exists anymore. There is neither DB2 V7 nor V8 (ups, > I already said that) nor WAS V4. > RDELETE PROGRAM BPXOV > RDELETE PROGRAM BPXBINIT > RDELETE PROGRAM BPXEV003 > RDELETE PROGRAM BPXOLVD > RDELETE PROGRAM BPXPLPKA > RDELETE PROGRAM BPXUCSNM > RDELETE PROGRAM BPXUEYI1 > RDELETE PROGRAM BPXUI1EY > RDELETE PROGRAM BPXZ24 > RDELETE PROGRAM RLOGIND > I was unable to find these programs in the SMPE-defined libraries. > CLASS(FACILITY): The WLM policy as delivered can only be administered by > IBMUSER and a non-existent userid DPACK. > There are two very obsolete groups still defined named SYSCTLG and VSAMDSET. > > At this point, I can almost rival a RACF admin. What I haven't touched are > all these certificate things that come in upper and lower case. > Barbara > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
