On 21 August 2013 20:31, Alan Altmark <[email protected]> wrote:
> > From an ESM perspective, realize that changing the indirect LINKs in MAINT > to point to MAINT630 *may* drive a lot of permission changes. E.g. People > who LINK MAINT 490 today have authorization to MAINT620 490. Now they > need MAINT630 490. How to get it? To give RACF examples: > > Just like David Parnas says "copying code is a design error" shouldn't the need for "a lot of changes" be a warning that you're doing things wrong? Having RACF should make it easier to do good things and make it harder to do bad things. Would RACFVARS be appropriate to hold the currently valid MAINTvrm userid(s) and have just a single ADDMEM and later DELMEM to deal with migration? Especially with phased implementation on different members with a shared RACF database, if it's a lot of work to add the profiles, it's likely they will not be cleaned up afterwards either. And while it does not harm perse to have orphans, it causes extra work and lack of hygiene is frowned upon when you need to do your annual justification for non-standard permissions. Sure, this is begging for better guidance on setting up your RACF database than what the provided installation program offers, or what simple-minded expansion in the connector would do. But I believe it's not the first time I suggested this... Rob ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390 ---------------------------------------------------------------------- For more information on Linux on System z, visit http://wiki.linuxvm.org/
