Portal | Manuals | References | Downloads | Info | Programs | JCLs | Mainframe wiki | Quick Ref
IBM Mainframe Computers Forums Index
 
Register
 
IBM Mainframe Computers Forums Index Mainframe: Search IBM Mainframe Forum: FAQ Memberlist Profile Log in to check your private messages Log in
 
ACS-routines and absent RACF-profiles

 
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> JCL & VSAM
View previous topic :: :: View next topic  
Author Message
Willem Vermeer

New User


Joined: 31 Oct 2007
Posts: 38
Location: Amsterdam, the Netherlands

PostPosted: Thu Oct 13, 2011 2:16 pm    Post subject: ACS-routines and absent RACF-profiles
Reply with quote

Greetings.

Is there a way to find out in an ACS-routine whether a data set, that's in the process of being allocated, has a valid data set-profile?

I'm asking this because at our shop sometimes userids get defined (i.e. the Alias) and people forget to assign them the proper RACF-profiles. Sure, I could simply ignore all the RACF-stuff and let the allocation fail, but this usually results in lots of confusing messages flying to and fro.

I'm trying to prevent this and come up with a simple and clear message telling the user that he/she should get their RACF-profiles in order. Of course I'll then fail the allocation.
Back to top
View user's profile Send private message

expat

Global Moderator


Joined: 14 Mar 2007
Posts: 8593
Location: Back in jolly old England

PostPosted: Thu Oct 13, 2011 2:19 pm    Post subject:
Reply with quote

What about liaison with the security group who should be responsible for the RACF stuff
Back to top
View user's profile Send private message
Willem Vermeer

New User


Joined: 31 Oct 2007
Posts: 38
Location: Amsterdam, the Netherlands

PostPosted: Thu Oct 13, 2011 2:32 pm    Post subject: Reply to: ACS-routines and absent RACF-profiles
Reply with quote

True, I could do that. But... assigning and removal of RACF-profiles has been outsourced to an external party and they don't know ANYTHING about ACS-routines and the like.

Also true, when the allocation fails I could get them to fix the problem, but... we cannot get into any kind of direct contact with this external party. We have to follow a procedure like you wouldn't believe and getting such a RACF-issue fixed (ANY kind of RACF-issue) simply takes to much time for us.

So, we want the user (or his representatives) to take care of that. But then they'll will have to know what the issue is and I'd like to tell them that in a simple, clear message.
Back to top
View user's profile Send private message
enrico-sorichetti

Global Moderator


Joined: 14 Mar 2007
Posts: 10308
Location: italy

PostPosted: Thu Oct 13, 2011 2:53 pm    Post subject: Reply to: ACS-routines and absent RACF-profiles
Reply with quote

Quote:
But... assigning and removal of RACF-profiles has been outsourced to an external party and they don't know ANYTHING about ACS-routines and the like.


they do not have to know... they just have to follow blindly the procedure defined by the SLA... full stop

usually for security related stuff proof of action is required by the auditors/security official and by the people in need to know
if the <paperwork> is missing the work has not been done ,

if they forget to add a profile ( and the task was defined in the SLA ) ...
just forget to pay the invoices

simple and effective

if the idiot who negotiated the outsourcing forgot to define a proper SLA .. You all are out of luck

I wonder why people have to do double work because some idiot at the upper floors did not do his job

but apart the chat... You will have to manage the problem when it faces icon_biggrin.gif
but are You sure it has to be You ?

if You organization is so strictly structured ... a sound problem reporting channel is certainly in place
have the <people> who get the allocation error report the problem thru the standard channels
Quote:
So, we want the user (or his representatives) to take care of that. But then they'll will have to know what the issue is

the system message will tell and they should use that as a key for th problem reporting

You defined properly the SMS stuff... You abided the SLA
force somebody else to respect his/her

add on ...
all depends on the relation of the <new> alias to the ACS routines
if the new alias impacts the ACS routines You have the need to know..
the strong arm approach would be not to do anything until You have proof that all the prerequisites are satisfied
Back to top
View user's profile Send private message
expat

Global Moderator


Joined: 14 Mar 2007
Posts: 8593
Location: Back in jolly old England

PostPosted: Thu Oct 13, 2011 4:04 pm    Post subject:
Reply with quote

Sounds to me like the route to save money has yet again failed to produce acceptable results.

Unfortunately until the RACF and alias is correctly defined you're stuffed.
Back to top
View user's profile Send private message
View previous topic :: :: View next topic  
Post new topic   Reply to topic    IBMMAINFRAMES.com Support Forums -> JCL & VSAM All times are GMT + 6 Hours
Page 1 of 1

 

Search our Forum:

Similar Topics
Topic Author Forum Replies Posted
This topic is locked: you cannot edit posts or make replies. Limit access to certain RACF group cvnlynn CLIST & REXX 5 Wed Aug 23, 2017 2:28 am
No new posts find RACF group for access to spooled... jzhardy JCL & VSAM 1 Mon May 08, 2017 11:46 am
No new posts Liberty Angel Server using RACF Keyring martin9 CICS 0 Tue May 02, 2017 5:49 pm
No new posts RACF profile access vasanthz All Other Mainframe Topics 11 Fri Sep 23, 2016 5:51 am
No new posts RACF Easytrieve Plus macro Susan Jackson CA Products 0 Fri Jun 03, 2016 8:25 pm

Facebook
Back to Top
 
Job Vacancies | Forum Rules | Bookmarks | Subscriptions | FAQ | Polls | Contact Us