Ouch. I never saw Walt's proviso mentioned in the doc. Yes, these nodes are all totally under our control. However each node (sysplex) constitutes a different business environment supported by a different RACF data base. A person may have the same userid on sandbox and on production, but they do not necessarily have the same authority on both. Both represent the same person but not necessarily the same role.
We need to reassess our goal here. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Walt Farrell Sent: Wednesday, February 28, 2018 5:21 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Health Check JES_NJE_SECURITY On Wed, 28 Feb 2018 18:21:03 -0500, Tom Conley <pinnc...@rochester.rr.com> wrote: >I ran these on 1/5/18 to fix this check: > >RDEFINE RACFVARS &RACLNDE UACC(NONE) OWNER(<sysprog group>) RALTER >RACFVARS &RACLNDE ADDMEM(<your JES node>) (add one for each >node) >SETROPTS CLASSACT(RACFVARS) RACLIST(RACFVARS) You should be careful with that, Tom. &RACLNDE should only contain the names of nodes whose RACF databases are identical to each other, at least with respect to the users, groups, and user-group connections that are defined. Having a node listed in &RACLNDE will have a strong effect on security processing (mainly the propagation of submitter identity) for jobs submitted from that node to other nodes in your JES2 network. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN