Hi Lizette,

In z/OS 2.5, the security settings in ISFPRMxx are ignored and RACF alone 
governs security. You still need ISFPRMxx for display settings.

What we have found in our ISFPRMxx-to-RACF migration work is that, once you 
strip out the security parameters from all the ISFPRMxx groups, the remaining 
display parameters for all the SDSF groups are almost always nearly identical. 
Unless you have a requirement to give different sets of users different sets of 
ISFPRMxx display settings, which would necessitate defining multiple SDSF groups 
and corresponding RACF SDSF GROUP.groupid profiles, you could create a single 
SDSF group with a common, shared set of display parameters and give everyone 
access to it.

Also see our presentation on this topic.

https://www.rshconsulting.com/RSHpres/RSH_Consulting__SDSF_and_RACF__November_2023.pdf

P.S. Pay special attention to the CONNECT statement parameter AUXSAF. See the 
presentation above for details.

Regards, Bob

Robert S. Hansel                       2024 IBM Champion
Lead RACF Specialist
RSH Consulting, Inc.
617-969-8211
www.linkedin.com/in/roberthansel
www.rshconsulting.com

-----Original Message-----
Date:    Mon, 17 Jun 2024 10:55:51 -0700
From:    Lizette Koehler <[email protected]>
Subject: SDSF and z/OS V2.5

Dearest List

I am trying to understand the changes to SDSF in z/OS 2.5.

I want RACF to control all access to functions in SDSF.  And I do not want
to have to code ISFPRMxx.

Is there a way to have a minimal ISFPRMxx or do I have to add all GROUP
statements and RACF SDSF GROUP.** to make this work?

Thanks

Lizette
