First, what version of z/OS are you running?

And another thought

I have not touched RACF directly in many years, so this may be old.  Make sure 
that your GLOBAL rules don't undercut your other rules improperly. Smart 
auditors look at the DSMON report to see if your sensitive datasets are 
properly protected. The really smart auditors then look at the DSMON Global 
Access Table Report to see if any of the GLOBAL rules permit access to a 
sensitive dataset. For example, if you have a GLOBAL DATASET rule that allows 
READ access to all SYS1.* datasets, then you likely have a weakness, even if 
other GLOBAL rules specify access of NONE for SYS1.UADS, SYS1.RACF, etc. A 
GLOBAL rule of SYS1.*/READ is only safe if you know ALL the SYS1 datasets which 
should have a UACC of NONE, both now and in the future. While you're looking at 
DSMON, check to make sure that the RACF dataset and its backup are on different 
disk packs.


Could you verify that your GLOBAL rules are set up correctly for us?


Lizette
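
The Global Access Table check described above can be sketched as follows. This is an added example, not part of the original message and not an IBM or RACF tool. It assumes the entries were typed in by hand from the DSMON report and uses a simplified, conservative pattern matcher rather than RACF's exact generic-matching rules; `SYS1.RACF.BACKUP` is a constructed name.

```python
import re

LEVELS = ["NONE", "READ", "UPDATE", "CONTROL", "ALTER"]  # ascending authority

def to_regex(pattern):
    """Simplified generic matching (an assumption, not RACF's exact rules):
    '%' = one character, '*' = rest of a qualifier, '**' = anything,
    and a trailing '.*' covers every deeper qualifier (conservative)."""
    p = pattern.upper()
    tail = ""
    if p.endswith(".**"):
        p, tail = p[:-3], r"(\..+)?"
    elif p.endswith(".*"):
        p, tail = p[:-2], r"\..+"
    def tok(c):
        return "[^.]" if c == "%" else "[^.]*" if c == "*" else re.escape(c)
    body = ".*".join("".join(tok(c) for c in part) for part in p.split("**"))
    return re.compile(body + tail + r"\Z")

def risky_entries(gat, sensitive):
    """List (entry, access, dataset, has_own_none_entry) for every entry
    above NONE that covers a sensitive data set name."""
    pinned = {name.upper() for name, access in gat if access == "NONE"}
    hits = []
    for pattern, access in gat:
        if LEVELS.index(access) == 0:
            continue
        rx = to_regex(pattern)
        for ds in sensitive:
            if rx.match(ds.upper()):
                hits.append((pattern, access, ds, ds.upper() in pinned))
    return hits

# Constructed sample: entries typed in from a Global Access Table report.
GAT = [("SYS1.*", "READ"), ("SYS1.UADS", "NONE"), ("SYS1.RACF", "NONE"),
       ("SYS1.BRODCAST", "UPDATE")]
# Names the site treats as sensitive; SYS1.RACF.BACKUP is a constructed name.
SENSITIVE = ["SYS1.UADS", "SYS1.RACF", "SYS1.RACF.PRIM", "SYS1.RACF.BACKUP"]

if __name__ == "__main__":
    for entry, access, ds, pinned in risky_entries(GAT, SENSITIVE):
        note = "has its own NONE entry" if pinned else "no NONE entry of its own"
        print(f"{entry}/{access} covers {ds} ({note})")
```

Every line it prints is a broad entry to review; the names flagged as having no NONE entry of their own are the ones a `SYS1.*`/READ rule would silently pick up.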

-----Original Message-----
From: RACF Discussion List [mailto:rac...@listserv.uga.edu] On Behalf Of majuma
Sent: Saturday, August 17, 2013 9:48 AM
To: rac...@listserv.uga.edu
Subject: Fwd: RACF Database protection

Hi list,

Someone in our section was able to download the RACF database file 
SYS1.RACF.PRIM via FTP to a PC; the file's UACC is NONE.

Then he used some tool to get the uid and password of some users. I want to 
understand what happened, and how to protect against such an issue.


