I don't know of any sysprog in his/her right mind who would willy-nilly perform any SMP/E action hold without going through the hold actions to see if they are required or need tweaking at a particular shop.
It's no different from the ServerPac jobs that slam a whole slug of security changes in. Whenever I hit one of these jobs, I go through them line by line to see if they apply, if they are already in place, and what I need to change to make them fit the environment. Personally, I would prefer it be an action hold rather than a doc hold in this case. Rex -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Thursday, May 18, 2017 3:01 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mischaracterized HOLDDATA This is a swampy area captured in the caveat 'perform these steps if you choose to use it'. If a shop has not already RDEFINEd MVS.MCSOPER.* with elaborate profile support in place, blandly issuing these commands as documented would immediately bring a shop to its knees. Putting a HOLD(ACTION) label on this bottomless can of worms would only increase the likelihood of operational catastrophe. If you're inclined to take this action willy-nilly, be sure to update your resume beforehand. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Burrell, Todd Sent: Thursday, May 18, 2017 12:11 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Mischaracterized HOLDDATA Well this really should have been labeled as HOLD(ACTION). And I usually look through the DOC for stuff like this, but I've never seen something quite so egregious. Todd Burrell | Sr. Mainframe Systems Administrator CSX Technologies| 550 Water St. (634I), Jacksonville, FL 32202 -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Pinnacle Sent: Thursday, May 18, 2017 3:07 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Mischaracterized HOLDDATA For those of you who always laughed when I said read your HOLD(DOC) for buried HOLD(ACTION) items. Here it is kids, so for those of you who still ignore HOLD(DOC), keep telling yourselves that you're saving time and I'm crazy for looking at HOLD(DOC). ++HOLD(UI43841) SYSTEM FMID(HSMA21A) REASON(DOC) DATE(17011) COMMENT( Perform the following RACF security steps, or equivalent steps using your SAF product. The SAMPLIB sample job, IZUCASEC contains these commented-out RACF commands and is provided as an aid to perform these steps if you choose to use it. RDEFINE OPERCMDS MVS.MCSOPER.* UACC(NONE) PERMIT MVS.MCSOPER.* CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ) RDEFINE OPERCMDS (MVS.VARY.TCPIP.OBEYFILE) UACC(NONE) PERMIT MVS.VARY.TCPIP.OBEYFILE ACCESS(CONTROL) CLASS(OPERCMDS) ID(IZUSVR) RDEFINE OPERCMDS (MVS.DISPLAY.*) UACC(NONE) PERMIT MVS.DISPLAY.* CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ) RDEFINE SERVAUTH EZB.NETSTAT.<mvsname>.<tcpprocname>.VIPADCFG UACC(NONE) PERMIT EZB.NETSTAT.<mvsname>.<tcpprocname>.VIPADCFG CLASS(SERVAUTH) ID(IZUSVR) ACCESS(READ) RDEFINE SERVAUTH EZB.NETWORKUTILS.CLOUD.<mvsname> UACC(NONE) PERMIT EZB.NETWORKUTILS.CLOUD.<mvsname> CLASS(SERVAUTH) ID(IZUSVR) ACCESS(READ) Grant ALTER access to IZUSVR for the stack include and stack dynamic update datasets if your system protects data sets with SAF profiles. These are data sets you will create manually and then reference in Configuration Assistant when you configure a TCP/IP stack from the Systems tab in the Cloud perspective. If the z/OS ROUTE command is protected by SAF, IZUSVR must have READ access to the MVS.ROUTE.CMD.<system> SAF profile in the OPERCMDS class. **NOTE: <system> is the target MVS system name where IBM Cloud Provisioning and Management for z/OS will provision resources. e.g. PERMIT MVS.ROUTE.CMD.<system> CLASS(OPERCMDS) ID(IZUSVR) ACCESS(READ) SETROPTS RACLIST(OPERCMDS,SERVAUTH) REFRESH ). Regards, Tom Conley ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN The information contained in this message is confidential, protected from disclosure and may be legally privileged. If the reader of this message is not the intended recipient or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any disclosure, distribution, copying, or any action taken or action omitted in reliance on it, is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by replying to this message and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN