In a real emergency, wake up a few folks. Everything I do is audited. That custom SETPROG command, if discovered, would be a career limiting command. I prefer to keep my job. <g>
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Elardus Engelbrecht Sent: Friday, August 05, 2016 9:42 AM To: [email protected] Subject: Re: Adding Module to an empty APFed Library Richards, Robert B. wrote: >Around here, they are using RACF to lock down APF dataset updates. It takes a >change request with 2-3 approvers to get RACF authority to update an APF >dataset. What do you do if you really need do that update work to fix a problem at around 02:00 in the morning? >SET PROG= you say? Well, you can always do anything ONCE. If you're authorised in the first place, you can always sneak in a program with AC(1) which issues a custom SET PROG command or CSVAPF macro. So, you need to audit all UPDATE and ALTER attempts to these keys to the kingdom plus check your FACILITY class profile CSVAPF.<libname> and CSVAPF.MVS.<etc> Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
