As far as I know, the statistics have always worked that way. That as long as you had the ability to edit (change/alter/del/create) the PDS you could use 3.5 to change the ID field to anything you like.
I typically change it to BASE and then as I update members, I can see what has been altered. And I think there has never been a separation in ISPF between the Directory entries and the PDS so there are no security controls over who can alter it. Everything is controlled at the dataset level. So I can change the Stats in any PDS for any member I have UPDATE access to. I would have to check on READ access. You can delete the statistics just as easily as create them. And deleting statistics is an easy way to provide room in the directory to add more members if you do not have a tool to increase the Directory entire of a PDS. There are SAF products like TSS that can secure at the MEMBER level, but I do not think RACF can do that. And maybe that function in TSS may provide the ability to protect the statistics for that member. But that would be a question for Top Secret. Lizette > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Barbara Nitz > Sent: Friday, July 07, 2017 6:06 AM > To: [email protected] > Subject: Friday question: ISPF Statistics Manipulation > > A colleague of mine just asked me if ISPF statistics in a data set, > especially the USERID field, can be manipulated. We used ISPF 3.5 and we were > both astonished that I was easily able to fake a userid as the one who last > changed a member (testing in my own dataset, of course). > > This immediately raised the question for me if there is any RACF control that > would prevent this type of manipulation, especially since the userids in > those statistics are widely used as evidence. Does anyone know if there are > such RACF controls? A quick search in the ISPF books didn't turn up any hint. > > Barbara ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
