Hello Rob Thank you so much for your response
Could you please point to your presentation on migrating off from ISFPRMXX to RACF ? Fortunately our shop is very small and we don't have any archiving tool or any automation tool. Peter On Sat, Dec 2, 2023, 9:55 PM Rob Scott <[email protected]> wrote: > Peter, > > Can I strongly suggest you instigate a project to activate OPERCMDS (and > JESSPOOL if not already active). > > ISFPRMx just controls actions within SDSF and does not preclude any > semi-capable programmer from writing code to issue operator commands (or > access SYSOUT using the JES SSI). > > Starting with z/OS 2 5, SDSF no longer uses ISFPRMxx to control security > as everything now only goes through SAF authority. We use the SDSF class > for product controls, and also make OPERCMDS and JESSPOOL checks on the > user's behalf when processing actions taken within the product. > > Please be aware that converting your systems to correctly use OPERCMDS and > JESSPOOL can be a lengthy process, and you should allow many weeks for > testing and validation. > > The OPERCMDS and JESSPOOL classes being activated can affect a broad range > of other products including sysout archiving and automated operations. > > I do have some presentations about SDSF security and can point you in the > right direction if you want. > > As a further note, the old ISFACR tool that was written 25+ years ago to > aid in SAF security migration is showing its age a bit. We have some more > recent (and much simpler) tools and processes now. > > Rob Scott > Rocket Software > > Sent from Samsung Mobile on O2 > Sent from Outlook for Android<https://aka.ms/AAb9ysg> > ________________________________ > From: IBM Mainframe Discussion List <[email protected]> on behalf > of Peter <[email protected]> > Sent: Saturday, December 2, 2023 9:31:26 AM > To: [email protected] <[email protected]> > Subject: zOSMF install - SDSF ISFPRMxx > > EXTERNAL EMAIL > > > > > > Hello All > > Good morning > > I have planned to install zOSMF in our test LPAR. Our SDSF uses its own > security features using ISFPRMXX and I can see zOSMF has its own IZUSEC > jobs where it activates OPERCMDS class. We never activated OPERCMDS instead > we manage using ISFPRMXX PARMLIB member. > > Is there anyone who have installed zOSMF with above scenario? > > Peter > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > > ================================ > Rocket Software, Inc. and subsidiaries ? 77 Fourth Avenue, Waltham MA > 02451 ? Main Office Toll Free Number: +1 855.577.4323 > Contact Customer Support: > https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport > Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - > http://www.rocketsoftware.com/manage-your-email-preferences > Privacy Policy - > http://www.rocketsoftware.com/company/legal/privacy-policy > ================================ > > This communication and any attachments may contain confidential > information of Rocket Software, Inc. All unauthorized use, disclosure or > distribution is prohibited. If you are not the intended recipient, please > notify Rocket Software immediately and destroy all copies of this > communication. Thank you. > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
