Some of our nodes are connected via store-and-forward, so I don't think we can specify DIRECT=YES without also changing topology. Similar concern for SUBNET, which is not currently defined. All nodes belong to us and are managed by the same group of folks. That means that a userid on one node represents the same individual on another node, but I can't speak to GROUP membership, which could easily vary according to business roles.
SHARE is coming up. I'll buttonhole some JES folks there for their advice. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW [email protected] -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell Sent: Thursday, March 01, 2018 1:58 PM To: [email protected] Subject: (External):Re: Health Check JES_NJE_SECURITY On Thu, 1 Mar 2018 12:46:43 -0600, David Magee <[email protected]> wrote: >Is is possible to add the &RACLNDE profile (with possibly a dummy MEMBER >subentry) as WARNING to the RACFVARS Class? Then monitor for the >Temporary >Access Allowed condition and use that information to build your ADDMEMs to the >&RACLNDE profile over time? No. It's not an access check being done. The &RACLNDE profile is an information repository used by RACF while processing inbound NJE work (jobs, sysout), and the presence of the source node name in the member list controls what processing is done during authentication of the inbound work. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
