Re: General RACF question for Walt
On Mon, 6 Aug 2018 11:13:49 +, Blake, Daniel J [CTR] wrote: >Years ago I was called to assist two different customers who both screwed up >the only Special userid. In both cases I was able to switch to the IBM >supplied RACF data bases that came with a ServerPac. Logged in with IBMUSER, >switched back and reset the SPECIAL userid. > >This was many years ago and I don't have a RACF protected system to play on. >Is this option still available? It's hard to say whether that would work. For one thing, without an IPL you can only switch to a database of the same name as the one(s) you're already using. Every shop should have procedures in place for handling a situation like this without an IPL, and should also have additional procedures in place to IPL a "one-pack" recovery system in case their normal recovery procedures don't work for some reason. A few common procedures that can help without an IPL: (1) The ability for someone with SPECIAL to logon to an MVS operator console and issue RACF commands. (2) An STC with SPECIAL that will issue an ALTUSER RESUME for one or more of the SPECIAL users. (3) The ability for someone with SPECIAL to logon to TSO without using a session manager. There are others, but those are easy. They do need to be setup in advance and tested regularly, along with recovery procedures for other critical system components (no JES, no catalog, etc.). -- Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: General RACF question for Walt
Mike Schwab wrote: >Isn't that what the SYS1.UADS dataset is for? To allow signons without a >security system? Indeed, but these ids must be pre-defined and tested in the first place in UADS. Anyways, I believe the original poster who really screwed up his system, should by now approach IBM for assistance. One minute of lockup, holdup, unscheduled downtime, etc. is a serious NO-NO in a production system. Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: General RACF question for Walt
Isn't that what the SYS1.UADS dataset is for? To allow signons without a security system? And it using the 8th character as a sequence digit lead to the 7 character TSO limit. On Monday, August 6, 2018, Blake, Daniel J [CTR] < 00f1be92566d-dmarc-requ...@listserv.ua.edu> wrote: > Walt, > > Years ago I was called to assist two different customers who both screwed > up the only Special userid. In both cases I was able to switch to the IBM > supplied RACF data bases that came with a ServerPac. Logged in with > IBMUSER, switched back and reset the SPECIAL userid. > > This was many years ago and I don't have a RACF protected system to play > on. Is this option still available? > > Thanks > > ;-D an > > > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
General RACF question for Walt
Walt, Years ago I was called to assist two different customers who both screwed up the only Special userid. In both cases I was able to switch to the IBM supplied RACF data bases that came with a ServerPac. Logged in with IBMUSER, switched back and reset the SPECIAL userid. This was many years ago and I don't have a RACF protected system to play on. Is this option still available? Thanks ;-D an -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
