Hi, Rver since IBM gave us CDT, user defined classes migration stopped being a problem. You no longer need the assembler macros to define user classes. Everything is in the RACF database. Best wishes Jack
On Mon, Nov 13, 2023, 08:42 Rob Scott <[email protected]> wrote: > Although setting up your own SAF class is not difficult, it is another > step in the installation/migration process and my instinct (bearing in > mind the squeeze on staffing resources) is always to tend to "zero-config" > wherever possible. > > If you stay within your lanes as far as the profile namespace is concerned > ,then XFACILIT makes sense in most cases. > > Rob Scott > Rocket Software > > -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On Behalf > Of Phil Smith III > Sent: Sunday, November 12, 2023 8:38 PM > To: [email protected] > Subject: Re: RACF, the FACILITY class, and z/XDC > > EXTERNAL EMAIL > > > > > > Ed Jaffe recommended against creating a SAF class. I'll respectfully > suggest that it's not that hard. > > First, if you do, IBM told us, "Start the class name with a dollar > sign-we'll never use those". Of course you could collide with another > vendor, but that's unlikely. > > We've had customers doing so for 13 years or so. Besides some folks who > didn't understand how to use their own ESM, we've had no problems. ACF2 and > TSS were easy, too. > > Now, I admit that our usage is pretty simple: we have named data > protection entities called Cryptids, and you can use them to protect > (encrypt/tokenize/hash) or access (decrypt/detokenize) data. So if you have > a Cryptid named BANANA, a user needs READ or greater authority to > PROTECT.BANANA or ACCESS.BANANA, as appropriate to use BANANA to protect or > access. > > For something like EJES, with possibly dozens of subtleties, it would > surely be harder. The complexity of SAF related to certificates comes to > mind, though I suspect some of that is due to some historical mistakes. > Still, once you've defined a scheme, it's just PERMITs, right? > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ================================ > Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA > 02451 ■ Main Office Toll Free Number: +1 855.577.4323 > Contact Customer Support: > https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport > Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - > http://www.rocketsoftware.com/manage-your-email-preferences > Privacy Policy - > http://www.rocketsoftware.com/company/legal/privacy-policy > ================================ > > This communication and any attachments may contain confidential > information of Rocket Software, Inc. All unauthorized use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > notify Rocket Software immediately and destroy all copies of this > communication. Thank you. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
