On Mon, 11 Jul 2022 15:40:10 +0000 "[email protected]" <[email protected]> wrote:
:>Hi! :> :>I have a question regarding IEAABD.DMPAUTH / IEAABD.DMPAKEY resources in RACF FACILITY class: :> :> :>1- In this context, when the RACF "Security Administrator Guide" says "controlled programs", is it referring to programs protected in RACF PROGRAM class? Also EXECUTE access. :>2- It is not completely clear to me, from the documentation, what happens when these resources are UNPROTECTED (NO RACF profile protecting these resources). :>In that case, are all users indeed allowed to obtain such a DUMP (using SYSUDUMP, SYSABEND, or SYSMDUMP DD in JCL)? I assume the answer is YES, but I want to be sure. Yes. :>3- If you decide to implement this level of DUMP control by protecting these resources in RACF FACILITY class, what precautions should you take? :>I am not worried about humans needing these authorizations (probably just sysprogs), but what about users assigned to STCs? SVCDUMPs are not controlled by this. Not sure why STCs should be treated differently. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
