Re: RMDS for reporting on Mainframe
Just for correctness, if I recall correctly CA-View is the old SAR and just does syslog/joblog archival/retrieval. I'm quite sure my former customer used CA-Dispatch for report distribution.

Lucas

On Apr 10, 2017 16:37, "Lizette Koehler" wrote:

There are products out there

Systemware XPTR (not sure of today's name)
CA View (Old Mobius product I think)
$AVERS
And more

It will depend on $$ to spend and what features you need.

Searching the internet should be able to start your review process.

Not only look at the features, but how the conversion from RMDS to new product will be handled.

Lizette

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of SrinivasG
> Sent: Monday, April 10, 2017 2:28 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: RMDS for reporting on Mainframe
>
> Hi,
>
> Is anyone using RMDS on Mainframe?
> Since it's being discontinued, I am interested in knowing what other shops are doing.
> Please share your solutions as far as RMDS is concerned.
>
> Thanks in advance.
>
> Regards,
> Srinivas G

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: RMDS for reporting on Mainframe
On Mon, Apr 10, 2017 at 9:37 AM, Lizette Koehler wrote:

> There are products out there
>
> Systemware XPTR (not sure of today's name)
>
> CA View (Old Mobius product I think)
>
> $AVERS
>
> And more
>
> It will depend on $$ to spend and what features you need.
>

One thing that is (now) of greater importance to me is "Where is the data stored?". There seems to be two choices in today's world: individual sequential(?) data sets for each job or in a single "data store" data set which contains a "directory" and comes with "management software" to do things such as request a reprint or archive old output. I rather liked the "one PS data set per job/report" philosophy because it was easy to read reports via ISPF 3.4. Even better, IMO, would be "one UNIX file per report". Why UNIX you ask? Because it is _easy_ to use something like "grep" to find complicated search strings. Well, it is easy so long as you know regular expressions; which I do. Also, depending on your company's technical expertise, it would be "easy" to transfer the reports to a distributed system and index it similar to a "web search" engine so that your user could do a Google (or Bing) like search.

We actually use a product which is PC resident (Report 2 Web). The z/OS system uses JQP from MacKinney Software to send reports to a "LAN printer", which is actually a "service" on a Windows machine. This service looks at the data in the report (which includes a job separator which we use to communicate with the service) to classify it. It can then do a number of things with the data (including creating a subset from an embedded "table" which is stored in an Excel spreadsheet), but we mainly just store it in a reformatted file on a LAN disk. The "index" to this is kept in an Oracle data base (but, IIRC, it could use any ODBC compliant data base). Users are defined to the software for access to specific reports. The users access the reports to which they are authorized via their browser (thus the "2 Web" part of the name). The file format on disk is undocumented, but fairly simple to figure out.

> Searching the internet should be able to start your review process.
>
> Not only look at the features, but how the conversion from RMDS to new product will be handled.
>

We converted from Mobius Infopack. We had help from a consulting firm which basically wrote some programs to parse the output from an Infopack report on available reports, and create "print" jobs which sent the "print" out to the "LAN printer". Basically, it was a programmed operator to request a reprint of every report in Infopack. Mobius was not well pleased about the "automation", as I recall.

> Lizette
>

--
"Irrigation of the land with seawater desalinated by fusion power is ancient. It's called 'rain'." -- Michael McClary, in alt.fusion

Maranatha! <><
John McKown

Re: RMDS for reporting on Mainframe
There are products out there

Systemware XPTR (not sure of today's name)
CA View (Old Mobius product I think)
$AVERS
And more

It will depend on $$ to spend and what features you need.

Searching the internet should be able to start your review process.

Not only look at the features, but how the conversion from RMDS to new product will be handled.

Lizette

> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of SrinivasG
> Sent: Monday, April 10, 2017 2:28 AM
> To: IBM-MAIN@LISTSERV.UA.EDU
> Subject: RMDS for reporting on Mainframe
>
> Hi,
>
> Is anyone using RMDS on Mainframe?
> Since it's being discontinued, I am interested in knowing what other shops are doing.
> Please share your solutions as far as RMDS is concerned.
>
> Thanks in advance.
>
> Regards,
> Srinivas G

Re: RMDS for reporting on Mainframe
We moved from RMDS more years ago than I can remember. We use JSF from Mackinney.

On 4/10/2017 5:27 AM, SrinivasG wrote:

Hi,

Is anyone using RMDS on Mainframe?
Since it's being discontinued, I am interested in knowing what other shops are doing.
Please share your solutions as far as RMDS is concerned.

Thanks in advance.

Regards,
Srinivas G

--
Brian W. France
Systems Administrator (Mainframe)
Pennsylvania State University
Administrative Information Services - Infrastructure/SYSARC
Rm 25 Shields Bldg., University Park, Pa. 16802
814-863-4739
b...@psu.edu

"To make an apple pie from scratch, you must first invent the universe." Carl Sagan

Re: RMDS
Thanks Kolusu and Lizette

I've gone through the manuals already and can't seem to find what I need. We are z/OS 1.13, RMDS is 2.3 (this hasn't changed in eons) and ACF2 is V15.

This is the problem which we just recently discovered after decades: The RMDS administrator does set up something to determine who can browse which reports. However, once you get into DISPLAY mode on a report, there's a whole series of commands available - CAP, COLS, F(IND) etc. Fairly innocuous. However, there is also an ERASE command, which does not seem to have any restriction on it. This is on the report level, not the dsname level. A user that does not have ACF2 authority to delete the VSAM cluster corresponding to the report can still delete the report by issuing ERASE. The report is no longer viewable and when the PURGE job runs, PURGE deletes the cluster.

I've been working with both IBM and CA on this but to no avail. It seems that once in RMDS, ACF2 is out of the picture. So I think this has to be controlled within RMDS. But we can't figure out how.

Thanks,
Donna

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Sri h Kolusu
Sent: Monday, July 28, 2014 3:31 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RMDS

May be this will help

Chapter 16 in Administration Guide
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNA3000

or this one
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNC3000

Kolusu

IBM Mainframe Discussion List IBM-MAIN@listserv.ua.edu wrote on 07/28/2014 12:08:10 PM:

From: Roff, Donna dr...@fisa.nyc.gov
To: IBM-MAIN@listserv.ua.edu
Date: 07/28/2014 12:19 PM
Subject: RMDS
Sent by: IBM Mainframe Discussion List IBM-MAIN@listserv.ua.edu

Hi,

Is anyone here familiar with RMDS (Report Management Distribution System)? We have a question about security on one of the RMDS commands available against a report. ACF2 protects the MVS datasets but this is for the actual report.

(This is my first post. I don't know if I need to put any introduction.)

Thanks,
Donna

Re: RMDS
Way back machine started. Once upon a time we ran RMDS with ACF2. ACF2 versions woulda been like 6 and 8. I have no idea anymore what RMDS version we had. There were exits in RMDS that we utilized with ACF2. They would take the report name (the one you see when you're in RMDS, not the data set name) and pass it to the exit where we would make a data set like call to grant access. We had to write code utilizing the sample exit to do this. Think we placed standard HLQ on the report name when we built the data set like call to write rules against. There was a sign on exit as well. I looked for my exits but alas I musta cleaned house when RMDS went the way of the dino here...

On 7/29/2014 8:27 AM, Roff, Donna wrote:

Thanks Kolusu and Lizette

I've gone through the manuals already and can't seem to find what I need. We are z/OS 1.13, RMDS is 2.3 (this hasn't changed in eons) and ACF2 is V15.

This is the problem which we just recently discovered after decades: The RMDS administrator does set up something to determine who can browse which reports. However, once you get into DISPLAY mode on a report, there's a whole series of commands available - CAP, COLS, F(IND) etc. Fairly innocuous. However, there is also an ERASE command, which does not seem to have any restriction on it. This is on the report level, not the dsname level. A user that does not have ACF2 authority to delete the VSAM cluster corresponding to the report can still delete the report by issuing ERASE. The report is no longer viewable and when the PURGE job runs, PURGE deletes the cluster.

I've been working with both IBM and CA on this but to no avail. It seems that once in RMDS, ACF2 is out of the picture. So I think this has to be controlled within RMDS. But we can't figure out how.

Thanks,
Donna

--
Brian W. France
Systems Administrator (Mainframe)
Pennsylvania State University
Administrative Information Services - Infrastructure/SYSARC
Rm 25 Shields Bldg., University Park, Pa. 16802
814-863-4739
b...@psu.edu

To make an apple pie from scratch, you must first invent the universe. Carl Sagan

Re: RMDS
Hi Brian

Thanks. This, this is a very old product. Even IBM is not able to offer much advice. We have an exit that just covers sign on. I would like to perhaps just disable that RMDS command - ERASE - completely for either all or most users. Within RMDS even, not ACF2. The RMDS administrator controls access through RMDS. But access seems to be all or nothing, if you can view it, you can erase it.

Tx for looking for your exits.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Brian France
Sent: Tuesday, July 29, 2014 8:57 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RMDS

Way back machine started. Once upon a time we ran RMDS with ACF2. ACF2 versions woulda been like 6 and 8. I have no idea anymore what RMDS version we had. There were exits in RMDS that we utilized with ACF2. They would take the report name (the one you see when you're in RMDS, not the data set name) and pass it to the exit where we would make a data set like call to grant access. We had to write code utilizing the sample exit to do this. Think we placed standard HLQ on the report name when we built the data set like call to write rules against. There was a sign on exit as well. I looked for my exits but alas I musta cleaned house when RMDS went the way of the dino here...

Re: RMDS
You may need to contract an assembler programmer if you are not comfortable with Assembler and system exits.

What you would want is if the ERASE command is entered, to trap it, probably validate to see if that person is authorized and if they are not authorized, send back a message along those lines. Otherwise allow the command.

I am surprised IBM does not have sample exits that you could work with.

I do not remember if the panels were part of RMDS or if they were ISPF Panels invoked by RMDS. If they are ISPF Panels you might be able to put something in the panel process to trap ERASE and action accordingly.

Lizette

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Roff, Donna
Sent: Tuesday, July 29, 2014 6:30 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RMDS

Hi Brian

Thanks. This, this is a very old product. Even IBM is not able to offer much advice. We have an exit that just covers sign on. I would like to perhaps just disable that RMDS command - ERASE - completely for either all or most users. Within RMDS even, not ACF2. The RMDS administrator controls access through RMDS. But access seems to be all or nothing, if you can view it, you can erase it.

Tx for looking for your exits.

Re: RMDS
I forgot to ask how you access RMDS. Is it through

CICS
ISPF
VTAM
OTHER???

Lizette

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler
Sent: Tuesday, July 29, 2014 6:48 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RMDS

You may need to contract an assembler programmer if you are not comfortable with Assembler and system exits.

What you would want is if the ERASE command is entered, to trap it, probably validate to see if that person is authorized and if they are not authorized, send back a message along those lines. Otherwise allow the command.

I am surprised IBM does not have sample exits that you could work with.

I do not remember if the panels were part of RMDS or if they were ISPF Panels invoked by RMDS. If they are ISPF Panels you might be able to put something in the panel process to trap ERASE and action accordingly.

Lizette

Re: RMDS
Through VTAM

Donna

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler
Sent: Tuesday, July 29, 2014 10:01 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: RMDS

I forgot to ask how you access RMDS. Is it through

CICS
ISPF
VTAM
OTHER???

Lizette

Re: RMDS
In the manual it states:

AUTHERAS Specifies the authorization level for the ERASE and RESTORE commands. A|ALTER U|UPDATE

Perhaps you can see if your users have ALTER or UPDATE authority on the report/dsn.

In the manual Report Management and Distribution System Administration Guide Version 2 Release 3 Document Number S544-5395-00

Note: The RMDS default is to define report owners as having UPDATE authority, but system options are available to allow you to specify what access should be used to define report owners (AUTHOWNR) and to define the authority to issue ERASE commands (AUTHERAS). The viewer region and report distribution facility user IDs need only READ access, for those cases where the job or started task user ID does not match the user IDs accessing reports.

So maybe you can change the DEFINE AUTHERAS and AUTHOWNR to different levels and only give that level to those allowed to erase reports.

Lizette

-Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Tuesday, July 29, 2014 7:01 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RMDS

I forgot to ask how you access RMDS. Is it through CICS ISPF VTAM OTHER???

Lizette

-Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Lizette Koehler Sent: Tuesday, July 29, 2014 6:48 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RMDS

You may need to contract an assembler programmer if you are not comfortable with Assembler and system exits. What you would want is if the ERASE command is entered, to trap it, probably validate to see if that person is authorized and if they are not authorized, send back a message along those lines. Otherwise allow the command. I am surprised IBM does not have sample exits that you could work with. I do not remember if the panels were part of RMDS or if they were ISPF Panels invoked by RMDS. If they are ISPF Panels you might be able to put something in the panel process to trap ERASE and action accordingly.

Lizette

-Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Roff, Donna Sent: Tuesday, July 29, 2014 6:30 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RMDS

Hi Brian

Thanks. This, this is a very old product. Even IBM is not able to offer much advice. We have an exit that just covers sign on. I would like to perhaps just disable that RMDS command - ERASE - completely for either all or most users. Within RMDS even, not ACF2. The RMDS administrator controls access through RMDS. But access seems to be all or nothing, if you can view it, you can erase it. Tx for looking for your exits.

-Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Brian France Sent: Tuesday, July 29, 2014 8:57 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: RMDS

Way back machine started. Once upon a time we ran RMDS with ACF2. ACF2 versions woulda been like 6 and 8. I have no idea anymore what RMDS version we had. There were exits in RMDS that we utilized with ACF2. They would take the report name ( the one you see when you're in RMDS, not the data set name ) and pass it to the exit where we would make a data set like call to grant access. We had to write code utilizing the sample exit to do this. Think we placed standard HLQ on the report name when we built the data set like call to write rules against. There was a sign on exit as well. I looked for my exits but alas I musta cleaned house when RMDS went the way of the dino here...

On 7/29/2014 8:27 AM, Roff, Donna wrote:

Thanks Kolusu and Lizette

I've gone through the manuals already and can't seem to find what I need. We are z/OS 1.13, RMDS is 2.3 (this hasn't changed in eons) and ACF2 is V15. This is the problem which we just recently discovered after decades: The RMDS administrator does set up something to determine who can browse which reports. However, once you get into DISPLAY mode on a report, there's a whole series of commands available - CAP, COLS, F(IND) etc. Fairly innocuous. However, there is also an ERASE command, which does not seem to have any restriction on it. This is on the report level, not the dsname level. A user that does not have ACF2 authority to delete the vsam cluster corresponding to the report can still delete the report by issuing ERASE. The report is no longer viewable and when the PURGE job runs, PURGE deletes the cluster. I've been working with both IBM and CA on this but to no avail. It seems that once in RMDS, ACF2
Re: RMDS
Hi Lizette, I had changed this AUTHERAS option from UPDATE to ALTER and it didn't make a difference. Let me refresh what I did, if anything, with AUTHOWNR.
Re: RMDS
Also, I couldn't figure out what the RMDS definitions for ALTER and UPDATE are. The description for AUTHOWNR in the manual is like the description for AUTHERAS:

AUTHOWNR   A|ALTER    Specifies the authorization level required
           U|UPDATE   for a report owner.

But both UPDATE and ALTER sound pretty significant.
Re: RMDS
So, the problem with ERASE? Is it too many users have ERASE? Just from a brief look at the manuals, it looks like normal users would just need READ. And I am going to guess here. Unless both the AUTHOWNR and AUTHERAS are the same for the user, they would not have the ability to erase. I have not used RMDS in over 15 years. So I am really fuzzy on how it works. And I am not sure why IBM cannot help. I do not know if the product is off support or not. Has your management started discussions on moving to a better supported product? Lizette
Re: RMDS
Lizette, I think everybody has ERASE authority. AUTHOWNR and AUTHERAS are system options so wouldn't that be global? I don't know why IBM can't help either. Sigh. As far as I know it is still on support. If that's the case, I suppose I could initiate a Request for Enhancement. I know they would just love this for this vestigial product.
Re: RMDS
Or if you could try this. Normal user would have READ access to the REPORT/dsn. An owner would have either ALTER or UPDATE on the REPORT/DSN (just a guess). So if a user had READ access then AUTHOWNR or AUTHERAS would not be involved. If the user had ALTER or UPDATE access the AUTHOWNR or AUTHERAS would be involved. I would take that question to IBM. How to get everyone to be a reader of reports, not be allowed to access other reports they are not supposed to. And how does AUTHOWNR and AUTHERAS get involved. It could be you still have to code the exit DBNUXSEC. Lizette
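Added example, not part of the thread and not RMDS, ACF2 or DBNUXSEC code: a Python model of the exit logic discussed above, where the report name is turned into a data-set-like name and each command is authorized separately, shown beside the "if you can view it, you can erase it" behaviour. The HLQ, user IDs, report names, rule table and function names are constructed; only the command names and the READ/UPDATE/ALTER levels come from the thread.

```python
"""Model of a per-command authorization check for a report viewer.

Not RMDS or ACF2 code. HLQ, users, reports and rules are constructed.
"""
from fnmatch import fnmatchcase

# Access levels named in the manual excerpt quoted in the thread, low to high.
LEVELS = {"NONE": 0, "READ": 1, "UPDATE": 2, "ALTER": 3}

VIEW_COMMANDS = {"CAP", "COLS", "F", "FIND"}   # display-mode commands from the thread
OWNER_COMMANDS = {"ERASE", "RESTORE"}          # "commands for owners of reports"

HLQ = "RMDSRPT"  # assumed high-level qualifier placed in front of the report name

# Constructed rule table: (user, resource pattern, granted level). First match wins.
RULES = [
    ("RPTADMIN", "RMDSRPT.*", "ALTER"),
    ("CLERK01", "RMDSRPT.PAYROLL.*", "READ"),
    ("OWNER01", "RMDSRPT.PAYROLL.*", "UPDATE"),
]


def resource_name(report):
    """Build the data-set-like name that access rules are written against."""
    return f"{HLQ}.{report.upper()}"


def granted_level(user, report):
    """Return the level the rule table grants, or NONE when nothing matches."""
    resource = resource_name(report)
    for rule_user, pattern, level in RULES:
        if rule_user == user and fnmatchcase(resource, pattern):
            return level
    return "NONE"


def flat_check(user, report, command):
    """Behaviour described in the thread: view access unlocks every command."""
    return LEVELS[granted_level(user, report)] >= LEVELS["READ"]


def command_check(user, report, command, autheras="UPDATE"):
    """Per-command check. Returns (allowed, message for the user or audit log)."""
    if autheras not in ("UPDATE", "ALTER"):
        raise ValueError("AUTHERAS must be UPDATE or ALTER")
    cmd = command.strip().upper()
    if cmd in VIEW_COMMANDS:
        required = "READ"
    elif cmd in OWNER_COMMANDS:
        required = autheras
    else:
        # Fail closed: a command the check does not know is rejected.
        return False, f"{cmd}: command not recognised, rejected"
    have = granted_level(user, report)
    resource = resource_name(report)
    if LEVELS[have] >= LEVELS[required]:
        return True, f"{cmd} allowed for {user} on {resource}"
    return False, f"{cmd} denied for {user} on {resource}: needs {required}, has {have}"


if __name__ == "__main__":
    for user in ("CLERK01", "OWNER01", "RPTADMIN"):
        for cmd in ("FIND", "ERASE"):
            print(flat_check(user, "payroll.weekly", cmd),
                  command_check(user, "payroll.weekly", cmd, autheras="ALTER"))
```
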
Re: RMDS
Hi Lizette, Actually, I was looking at a F2 (General help) as opposed to F1 (Help) in RMDS and see the following:

--- COMMANDS FOR OWNERS OF REPORTS -
ERASE - FLAGS THE REPORT FOR DELETION
RESTORE - MAKES AN ERASED REPORT ACCESSIBLE AGAIN (EFFECTIVE ONLY IF ISSUED WHILE STILL VIEWING A REPORT ON WHICH ERASE WAS ISSUED)

So it looks like ERASE is just for OWNERS. So I do have to see how the administrator has defined the Owners and reports.
Re: RMDS
Good luck Lizette
Re: RMDS
Thank you for your input. I will keep you updated.
Re: RMDS
No introduction needed. And welcome.

What version of z/OS, RMDS and ACF2?

Just post with enough info so we can understand the question.

Lizette

-----Original Message-----
From: Roff, Donna dr...@fisa.nyc.gov
Sent: Jul 28, 2014 12:08 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: RMDS

Hi,

Is anyone here familiar with RMDS (Report Management Distribution System)? We have a question about security on one of the RMDS commands available against a report. ACF2 protects the MVS datasets but this is for the actual report.

(This is my first post. I don't know if I need to put any introduction.)

Thanks,
Donna
Re: RMDS
Maybe this will help:

Chapter 16 in Administration Guide
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNA3000

or this one
http://publibz.boulder.ibm.com/cgi-bin/bookmgr_OS390/BOOKS/DBNC3000

Kolusu

IBM Mainframe Discussion List IBM-MAIN@listserv.ua.edu wrote on 07/28/2014 12:08:10 PM:

From: Roff, Donna dr...@fisa.nyc.gov
To: IBM-MAIN@listserv.ua.edu
Date: 07/28/2014 12:19 PM
Subject: RMDS
Sent by: IBM Mainframe Discussion List IBM-MAIN@listserv.ua.edu

Hi,

Is anyone here familiar with RMDS (Report Management Distribution System)? We have a question about security on one of the RMDS commands available against a report. ACF2 protects the MVS datasets but this is for the actual report.

(This is my first post. I don't know if I need to put any introduction.)

Thanks,
Donna