I'm applying z/OS 2.1 RSU1603 and came across this PTF. Is anyone running with
it in production and has it caused you any grief? This seems to change a
behavior
that has been around "forever", so it concerns me a bit even though there
is a work around by defining a special RACF profile in the Facility class.
++ HOLD(UA80146) SYS FMID(HDZ2210) REASON(ACTION) DATE(15356)
COMMENT
(****************************************************************
* FUNCTION AFFECTED: DFSMS (OA49446) *
****************************************************************
* DESCRIPTION : Update security definition *
****************************************************************
* TIMING : Pre-APPLY *
****************************************************************
This service requires certain actions to be performed before the
PTF is applied. All the required actions appear in this PTF
cover letter.
RACF authorization checking is changed by this PTF for ALIASes,
PATHs, and ALTERNATEINDEXes. Before, if the ALIAS was for a
generation data set or a nonVSAM data set, the generation data
set name or the nonVSAM name was used for the RACF authority
check; for PATH and ALTERNATEINDEX, the associated CLUSTER
name was used.
Now, with this PTF, the RACF authority check is performed using
the ALIAS, PATH, or ALTERNATEINDEX name.
The required actions are:
1. Review the RACF profiles for names involving ALIASes, PATHs
and ALTERNATEINDEXes. Depending on your naming conventions,
no change may be necessary. The likely outcome if your ALIAS,
PATH or ALTERNATEINDEX is not covered by an existing profile,
will be a RACF failure due to insufficient authority. If this
is the case, add or change RACF profiles for ALIASes, PATHs
and ALTERNATEINDEXes to grant appropriate RACF authority.
2. If your installation cannot immediately tolerate the change
in RACF authority checking, the old method of checking can be
reinstated by defining a facility class profile with the name
of STGADMIN.IGG.CATALOG.SECURITY.CHANGE and giving the user
READ authority to that facility class.).
Best regards,
Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS
ITIL v3 Foundation Certified
mailto:[email protected]
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html
Systems Programming expert at http://search390.techtarget.com/ateExperts/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
