I don't think you should ever just give the okay to "everything". A lot of what is included with z/OSMF is not only unnecessary for most people, but it would be dangerous to grant them access to it. Not to mention that some of it is simply just worthless junk.
Brian On Wed, 5 Nov 2025 16:46:43 -0600, Mike Schwab <[email protected]> wrote: >I would put on Audit Any until satisfied only desired actions are being >performed. > >On Wed, Nov 5, 2025 at 8:50 AM Jay Maynard < >[email protected]> wrote: > >> We have had a philosophical question about z/OSMF come up at our shop. We >> have Sirius contracted to do our system maintenance. Our approach to z/OSMF >> has been to enable and give access to modules as need arises, making sure >> to limit access to functions people need to do their jobs. This has always >> been considered good security practice. >> >> We're now getting told that "z/OSMF should not be done piecemeal", and that >> IBM and vendors are counting on it all to be there and enabled and keep >> processes supported for years to come, and that this should be done for all >> systems in our configuration. >> >> Who's right? What's the z/OSMF philosophy? Should we just turn on the world >> and give access to all of it or none, no in between? >> -- >> Jay Maynard >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> > > >-- >Mike A Schwab, Springfield IL USA >Where do Forest Rangers go to get away from it all? > >---------------------------------------------------------------------- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
