Wouldn't a simpler solution to protecting the RACF database simply be to give pretty much no one ALTER access to it? I know that at most shops only one or two folks had ALTER or UPDATE to the actual file and that seems like the best course of action to avoid accidental deletion? And we backed up the RACF DB 4 times a day as well - just in case.
Todd Burrell | Sr. Mainframe Systems Administrator -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Tuesday, May 23, 2017 2:28 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RACF Database (was: Sample JCL for file transfer using NJE/TCPIP) I have not tried this, but IBM supplies a RACF started task whose purpose is to issue RACF commands via a console. As supplied, the RACF STC has no DDs, but I suppose you could add one for the primary and maybe even alternate RACF data base(s) with DISP=SHR. The hard part of coding such a task has already been done. Stopping it seems to require FORCE ARM, but you wouldn't stop it very often anyway. --------------------------------------------------------- . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Tuesday, May 23, 2017 11:03 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: RACF Database (was: Sample JCL for file transfer using NJE/TCPIP) I've been expecting someone with actual experience in this area to jump in. I don't think you can get away with 'wait forever' logic. Eventually you'll get S522 abend. OTOH XCFAS, which preserves a permanent enqueue on LINKLIST libraries, seems to be very busy doing something, accumulating both CPU time and EXCP count. Maybe there's something on CBT? <snip> -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Monday, May 22, 2017 4:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: RACF Database (was: Sample JCL for file transfer using NJE/TCPIP) On Mon, 22 May 2017 17:44:16 -0500, Joel C. Ewing wrote: >RECFM PSU may prevent moving the database, but it doesn't block >deletion. After realizing this somewhat-essential data set wasn't >protected by an enqueue, we picked an installation started task that >was normally running all the time (but which could be shut down if need >be), and added an unreferenced DD for the RACF database with DISP=SHR >to reduce the odds of both accidental deletion and movement. > Suppose one wanted to craft a started task expressly for that purpose, using minimum resource. Would it suffice to WAIT on an ECB that you never POSTed? Would this annoy WLM? Is there a better way? Should it intercept a STOP command and WTOR with an Abort/Retry/Ignore prompt? What's the OS Classic analogue of SIGINT? -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN This email transmission and any accompanying attachments may contain CSX privileged and confidential information intended only for the use of the intended addressee. Any dissemination, distribution, copying or action taken in reliance on the contents of this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error please immediately delete it and notify sender at the above CSX email address. Sender and CSX accept no liability for any damage caused directly or indirectly by receipt of this email. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
