Skip:
I concur. A second cousin war story was that there was a RACF
"screwup" (ie operator error) took a data center down for a long time
(more than a few hours). The DC was designed for the one of the
Chicago markets. The lead sysprog at the time (I thing he is no
longer with us) was there at the time.
We had a separate DC on the same floor and I think the blood letting
was felt by everyone.
If memory serves me we had just converted to MVS and went ACF2. I
don't think the question ever arose in our DC about what IF, but we
sure should have.
Ed
On Feb 13, 2016, at 10:04 PM, Skip Robinson wrote:
This opinion is based on (thankfully) limited experience. If you
are forced
to IPL without a usable RACF data base, you are totally scr*wed.
During IPL,
operator will be prompted to allow even READ access to *every* data
set
opened by *every* task except for a tiny handful like JES that bypass
integrity. By the time you get to the point of actually logging on
to TSO,
operator's fingers will be bleeding profusely. If at any time
during this
process, you are god-forbid required to start over, yet more finger
tips
will have to sacrificed.
Whatever UADS is worth, IPLing without a RACF data base is the last
extreme
recovery option. Please plan a next-to-last option.
.
.
.
J.O.Skip Robinson
Southern California Edison Company
Electric Dragon Team Paddler
SHARE MVS Program Co-Manager
323-715-0595 Mobile
[email protected]
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]]
On Behalf Of John Eells
Sent: Monday, February 1, 2016 08:27 AM
To: [email protected]
Subject: [Bulk] UADS (was Re: [Bulk] Re: COBOL v5)
I hadn't really thought about (or researched) the display
capabilities of
RACF.
An RFE couldn't hurt if you find them lacking.
Once one's TSO/E administrative routines have been converted to
use the
TSO
segment, though, I think another good use of UADS is for recovery,
including
DR. It's the only way to log on when you have no security
database, at
least
when RACF is the absent DB in question. I'd want to have "some
number" of
sysprog user IDs to be in UADS for recovery purposes. (And an
appropriate
MPF exit, for RACF!)
As SA restore is a serial activity and batch restore is not,
minimizing
recovery
time would seem to call for a small number of UADS-defined IDs to
speed
overall restore time if your security DB happens not to share a
volume
with
some other data sets required to IPL and log on. But what do I know?
Skip Robinson wrote:
Ah, UADS. A prime example of archaic mechanism. Defensible
technically?
Probably not, although a security administrator who needs to know
which account numbers or which proclibs a user is authorized to use
might tell a different story. With UADS, a simple list command tells
the story. With TSOE segment, it's a data mining operation. This
difference alone has inhibited conversion in some shops.
<snip>
--
John Eells
IBM Poughkeepsie
[email protected]
---------------------------------------------------------------------
-
For IBM-MAIN subscribe / signoff / archive access instructions,
send email
to
[email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
