For most SETROPTS values, RACROUTE is sufficient. But I think that I can use IRRXUTIL once I know the protecting profile for an existing dataset. It is now more of a theoretical question, as I am busy with IronSphere, but I may work on a free version next quarter.

ITschak

Sent from my iPad

On 30 July 2017, at 15:32, Elardus Engelbrecht <elardus.engelbre...@sita.co.za> wrote:

> As a late comer to this thread... ;-)
>
> First thing first:
>
> Walter, I really appreciate that you are still willing to share your wisdom
> here on RACF-L and IBM-MAIN during your well deserved retirement!
>
> Thanks Walter for your kind postings. Much appreciated!
>
>
> To Itschak Mugzach, my replies below are also for YOU!
>
>
> Walt Farrell wrote:
>
>> (c2) You'll need to know if the data set is VSAM or non-VSAM.
>
> If VSAM, you had to be careful what profile is [eventually] used for what
> component of that cluster. Ask me, I got burned there...
>
>
>> (e) The calls are different for data sets on TAPE, and how they are
>> different depends on the settings in PARMLIB(DEVSUPxx) and/or the tape
>> management system that may be in use.
>
> Absolutely. Add SETROPTS TAPEDSN and TAPEVOL class too to enlarge the
> possible confusion.
>
> As per zSecure - 'RACF is not able to guarantee the integrity of
> tapevolumes.'
>
> Also remember that little old trap of 17 chars versus 44 chars for a
> datasetname on a tape.
>
> What about ICHBLP, ICHNL? Despite your best guess, RACF may eventually have
> another answer for checking accesses.
>
> JES2 may have another say about ICHBLP [ for a specific job class as per
> HASPARM setup], but RACF ICHBLP certainly overrides JES2 setting ...
>
>
>> I'm sure I've forgotten several other points I intended to make.
>
> What about SETROPTS PREFIX, SETROPTS ADSP, SETROPTS NOCATDSNS/CATDSNS(???)
> and SETROPTS EGN?
>
> All of these may or may not screw up your own checking and guessing the
> actual access.
>
>
>> Also, even for a local program, the assumptions can easily become wrong, and
>> then you'll be giving incorrect answers.
>
> Why not let RACF do its homework? Even "access check" by zSecure may or may
> not be 100% correct, but I have to admit zSecure is 100% correct with those
> "access check" tests I have conducted many many many times.
>
> Thanks to all for this interesting thread.
>
> Groete / Greetings
> Elardus Engelbrecht
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN