I agree that UACC(READ) looks like a good setting for IEAABD.DMPAUTH resource
protection.
However, the RACF_SENSITIVE_RESOURCES health check seems to disagree:
(...)E IEAABD.DMPAUTH FACILITY Read No ****
(...)
Not a big deal, of course. But I prefer to have RACF health checks passed
without EXCEPTIONS...
Juan Mautalen
El jueves, 14 de julio de 2022, 10:17:35 a. m. GMT-3, Peter Relson
<[email protected]> escribió:
Commentary from the module that does the checking:
...checks a FACILITY class profile to ensure the installation allows the user
to take this dump. Can prevent unauthorized dumps of
execution-controlled programs.
The check uses a resource name of IEAABD.DUMPAUTH where:
(a) Access of UPDATE (or no profile) allows the dump
(b) Access less than READ means suppress the dump, and
(c) Access of READ means allow the dump if
(c1) SETR NOWHEN(PROGRAM) or
(c2) the user has an uncontrolled program environment or
(c3) the user has at least READ authority to all controlled
programs in the address space.
I'd defer to those with more knowledge than I on this subject. As the comment
reads, it sounds like UACC(READ) might be a good setting.
Peter Relson
z/OS Core Technology Design
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
