View previous topic :: View next topic
|
Author |
Message |
Willem Vermeer
New User
Joined: 31 Oct 2007 Posts: 38 Location: Amsterdam, the Netherlands
|
|
|
|
Greetings.
Is there a way to find out in an ACS-routine whether a data set, that's in the process of being allocated, has a valid data set-profile?
I'm asking this because at our shop sometimes userids get defined (i.e. the Alias) and people forget to assign them the proper RACF-profiles. Sure, I could simply ignore all the RACF-stuff and let the allocation fail, but this usually results in lots of confusing messages flying to and fro.
I'm trying to prevent this and come up with a simple and clear message telling the user that he/she should get their RACF-profiles in order. Of course I'll then fail the allocation. |
|
Back to top |
|
|
expat
Global Moderator
Joined: 14 Mar 2007 Posts: 8797 Location: Welsh Wales
|
|
|
|
What about liaison with the security group who should be responsible for the RACF stuff |
|
Back to top |
|
|
Willem Vermeer
New User
Joined: 31 Oct 2007 Posts: 38 Location: Amsterdam, the Netherlands
|
|
|
|
True, I could do that. But... assigning and removal of RACF-profiles has been outsourced to an external party and they don't know ANYTHING about ACS-routines and the like.
Also true, when the allocation fails I could get them to fix the problem, but... we cannot get into any kind of direct contact with this external party. We have to follow a procedure like you wouldn't believe and getting such a RACF-issue fixed (ANY kind of RACF-issue) simply takes to much time for us.
So, we want the user (or his representatives) to take care of that. But then they'll will have to know what the issue is and I'd like to tell them that in a simple, clear message. |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
Quote: |
But... assigning and removal of RACF-profiles has been outsourced to an external party and they don't know ANYTHING about ACS-routines and the like. |
they do not have to know... they just have to follow blindly the procedure defined by the SLA... full stop
usually for security related stuff proof of action is required by the auditors/security official and by the people in need to know
if the <paperwork> is missing the work has not been done ,
if they forget to add a profile ( and the task was defined in the SLA ) ...
just forget to pay the invoices
simple and effective
if the idiot who negotiated the outsourcing forgot to define a proper SLA .. You all are out of luck
I wonder why people have to do double work because some idiot at the upper floors did not do his job
but apart the chat... You will have to manage the problem when it faces
but are You sure it has to be You ?
if You organization is so strictly structured ... a sound problem reporting channel is certainly in place
have the <people> who get the allocation error report the problem thru the standard channels
Quote: |
So, we want the user (or his representatives) to take care of that. But then they'll will have to know what the issue is |
the system message will tell and they should use that as a key for th problem reporting
You defined properly the SMS stuff... You abided the SLA
force somebody else to respect his/her
add on ...
all depends on the relation of the <new> alias to the ACS routines
if the new alias impacts the ACS routines You have the need to know..
the strong arm approach would be not to do anything until You have proof that all the prerequisites are satisfied |
|
Back to top |
|
|
expat
Global Moderator
Joined: 14 Mar 2007 Posts: 8797 Location: Welsh Wales
|
|
|
|
Sounds to me like the route to save money has yet again failed to produce acceptable results.
Unfortunately until the RACF and alias is correctly defined you're stuffed. |
|
Back to top |
|
|
|