This opinion is based on (thankfully) limited experience. If you are forced to IPL without a usable RACF data base, you are totally scr*wed. During IPL, operator will be prompted to allow even READ access to *every* data set opened by *every* task except for a tiny handful like JES that bypass integrity. By the time you get to the point of actually logging on to TSO, operator's fingers will be bleeding profusely. If at any time during this process, you are god-forbid required to start over, yet more finger tips will have to sacrificed.
Whatever UADS is worth, IPLing without a RACF data base is the last extreme recovery option. Please plan a next-to-last option. . . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile [email protected] > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] > On Behalf Of John Eells > Sent: Monday, February 1, 2016 08:27 AM > To: [email protected] > Subject: [Bulk] UADS (was Re: [Bulk] Re: COBOL v5) > > I hadn't really thought about (or researched) the display capabilities of RACF. > An RFE couldn't hurt if you find them lacking. > > Once one's TSO/E administrative routines have been converted to use the TSO > segment, though, I think another good use of UADS is for recovery, including > DR. It's the only way to log on when you have no security database, at least > when RACF is the absent DB in question. I'd want to have "some number" of > sysprog user IDs to be in UADS for recovery purposes. (And an appropriate > MPF exit, for RACF!) > > As SA restore is a serial activity and batch restore is not, minimizing recovery > time would seem to call for a small number of UADS-defined IDs to speed > overall restore time if your security DB happens not to share a volume with > some other data sets required to IPL and log on. But what do I know? > > Skip Robinson wrote: > > Ah, UADS. A prime example of archaic mechanism. Defensible technically? > > Probably not, although a security administrator who needs to know > > which account numbers or which proclibs a user is authorized to use > > might tell a different story. With UADS, a simple list command tells > > the story. With TSOE segment, it's a data mining operation. This > > difference alone has inhibited conversion in some shops. > <snip> > > -- > John Eells > IBM Poughkeepsie > [email protected] > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email to > [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
