Mike, I have normally been on the RACF-L list, however, since changing jobs last year, I've had some problems with the e-mails from the list getting through to my new e-mail address.
I, personally, have not seen work running without a valid RACF userid associated with it, though I have been in smaller shops, most of my career, where it was nominally easier to know all the work running on the system. Peter On Tue, 25 Jun 2024 11:22:17 -0500, Mike Cairns <[email protected]> wrote: >Hi Peter, > >Radoslaw and I probably spend more time over on the RACF_L list than here on >IBM-MAIN, but I still like to keep an eye open here. > >The use of ID(*) ACCESS(READ) is well known among the RACF community as the >'preferred' option to UACC nowadays, and the reason you cite is indeed >mentioned in the literature. Though I'm not sure about the NJE port of entry >still being able to actually get a batch job running under the JES >UNDEFINEDUSER, I have a recollection that the RACF SETROPTS setting >BATCHALLRACF(YES) should prevent a batch job from initiating with the >UNDEFINEDUSER value, though I have a vague recollection that BATCHALLRACF >itself has been redundant also for many years now as well. > >I'm intrigued generally to ask of this community, just how often does anyone >observe work executing on their system *without* a valid RACF (or ACF2 or >TopSecret) identity associated with it? > >I think there might still be one or two started tasks, probably running as >TRUSTED or PRIVILEGED, that are initiated in nucleus initialisation that may >still run with traditionally either the 8 plusses or the 8 question marks as >their ID, we can see them in SDSF, but realistically I don't believe that we >see work running under the UNDEFINEDUSER in modern systems for a long time >nowadays. I'd be keen to hear otherwise if there is though. > >Cheers - Mike > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
