Re: SMPe securing zones
> I've found that GIMSMP opens the datasets in UPDATE mode, so the user will > still need UPDATE or higher access. READ access fails when the program > starts. That is not true for all SMP/E commands. LIST for example, or the REPORT commands, and the ISPF Query dialog, definitely open the SMPCSI data sets in READ mode. But if you're complaining about APPLY CHECK, then yes, APPLY CHECK does open the SMPCSI data sets for UPDATE. Kurt Quackenbush IBM | z/OS SMP/E and z/OSMF Software Management | ku...@us.ibm.com Chuck Norris never uses CHECK when he applies PTFs. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SMPe securing zones
That's disappointing. It's not being done now, but another good way to handle that problem is to enhance the GIM.* Facility class profiles to include zone support for commands. User can run certain zone altering SMP/e commands against TZONE1, but not TZONE2. Something like that. Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com --- Original Message --- On Monday, March 27th, 2023 at 5:39 PM, Matthew Stitt wrote: > I've found that GIMSMP opens the datasets in UPDATE mode, so the user will > still need UPDATE or higher access. READ access fails when the program starts. > > I've growled that GIMSMP needs to open in READ mode, then close/open in the > desired UPDATE mode if needed. > > Matthew > > On Mon, 27 Mar 2023 13:50:28 +, Mark Jacobs markjac...@protonmail.com > wrote: > > > If you have those zones in their own CSI datasets, you can use your > > security system just to allow READ access. > > > > Mark Jacobs > > > > Sent from ProtonMail, Swiss-based encrypted email. > > > > GPG Public Key - > > https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com > > > > --- Original Message --- > > On Monday, March 27th, 2023 at 9:46 AM, Bill Giannelli > > billgianne...@gmail.com wrote: > > > > > I want to create another TARGET and DLIB zone for another level of > > > maintenance. > > > I am currently, showing "newbie" offshore folks our SMPe environment. > > > Is there a way to "secure" the newly created TARGET and DLIB zones so > > > they are not inadvertently updated? > > > thanks > > > Bill > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SMPe securing zones
I've found that GIMSMP opens the datasets in UPDATE mode, so the user will still need UPDATE or higher access. READ access fails when the program starts. I've growled that GIMSMP needs to open in READ mode, then close/open in the desired UPDATE mode if needed. Matthew On Mon, 27 Mar 2023 13:50:28 +, Mark Jacobs wrote: >If you have those zones in their own CSI datasets, you can use your security >system just to allow READ access. > >Mark Jacobs > > >Sent from ProtonMail, Swiss-based encrypted email. > >GPG Public Key - >https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com > > >--- Original Message --- >On Monday, March 27th, 2023 at 9:46 AM, Bill Giannelli > wrote: > > >> I want to create another TARGET and DLIB zone for another level of >> maintenance. >> I am currently, showing "newbie" offshore folks our SMPe environment. >> Is there a way to "secure" the newly created TARGET and DLIB zones so they >> are not inadvertently updated? >> thanks >> Bill -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SMPe securing zones
If you have those zones in their own CSI datasets, you can use your security system just to allow READ access. Mark Jacobs Sent from ProtonMail, Swiss-based encrypted email. GPG Public Key - https://api.protonmail.ch/pks/lookup?op=get&search=markjac...@protonmail.com --- Original Message --- On Monday, March 27th, 2023 at 9:46 AM, Bill Giannelli wrote: > I want to create another TARGET and DLIB zone for another level of > maintenance. > I am currently, showing "newbie" offshore folks our SMPe environment. > Is there a way to "secure" the newly created TARGET and DLIB zones so they > are not inadvertently updated? > thanks > Bill > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: SMPe securing zones
Why not give them read-only access? From: IBM Mainframe Discussion List on behalf of Bill Giannelli Sent: Monday, March 27, 2023 9:46 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SMPe securing zones I want to create another TARGET and DLIB zone for another level of maintenance. I am currently, showing "newbie" offshore folks our SMPe environment. Is there a way to "secure" the newly created TARGET and DLIB zones so they are not inadvertently updated? thanks Bill -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
SMPe securing zones
I want to create another TARGET and DLIB zone for another level of maintenance. I am currently, showing "newbie" offshore folks our SMPe environment. Is there a way to "secure" the newly created TARGET and DLIB zones so they are not inadvertently updated? thanks Bill -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN