On Mon, 13 Nov 2023 13:30:56 -0500, David Cole <dbc...@colesoft.com> wrote:
>so while creating a "$XDC" class perhaps might be "easy", to >paraphrase Peter, why would I make a customer do that when I don't have to... > >So thank you to those who tipped me off about the XFACILIT. It sounds >perfect for my needs. Dave, as food for thought: RACF FACILITY is a special class which needs special consideration in recommending it. For instance, ask yourself why the resource name is restricted to 39 characters. If you choose to recommend FACILITY, you might need to document special considerations and include sections for each of the security products (e.g. RACF, ACF2 and Top-secret). It's been a very long time for me, but I think these are in storage rules. Probably not a big deal if you only have a couple of rules but it's something you should consider. Additionally, I believe FACILITY requires a refresh in RACF. I can't remember about ACF2 and Top-secret. These are customer considerations. If I remember correctly, RACF uses class numbers which has a limit. classes are associated to a number and mutliple classes can use the same number. It's not unusual for customers to combine classes into a single class but they must avoid resource name collisions. It's a good practice to uniquely identify your product in the resource name. I can't recall how ACF2 and Top-secret handle these situations. Maybe they have a facility to equate multiple RACF classes. As an alternative to FACILITY, you might consider a class that is not special but exists at all. For example, I've had customers use the dataset class. You may want to continue with class $XDC as your recommendation with alternatives. Equating classes can be useful. For instance, companies acquire other companies which means staff is dealing with multiple unique environments. It easier to manage XDC rules when class $XDC is specified although it has a different meaning in each environment. I'm not suggesting you take this as advice but simply to make you aware of these points. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
