Discussion:
RACF protection of a volume
Add Reply
Todd Burrell
2018-06-04 22:27:32 UTC
Reply
Permalink
Raw Message
Hopefully this is not a stupid question - but is it possibly via RACF (maybe with DASDVOL) to allow a particular system to have only read access to a DASD volume? We have a need to possibly vary some devices onto a system in one plex while it is being updated on another plex, so we would like to ensure the one system cannot update the volume.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Lizette Koehler
2018-06-04 23:04:37 UTC
Reply
Permalink
Raw Message
If you were not aware there is a RACF list that this question might also be posted to

To join, if you have not done so

RACF http://www.listserv.uga.edu/archives/racf-l.html


A side comment, I would not allow DASD Sharing between plexes. Within members of a PLEX, yes. Between Plexes, no

Especially if there are any PDS/E datasets. Very dangerous.

Could you not use some sort of transfer process (Connect Direct, FTP, etc) to move data between the environments?


Lizette
-----Original Message-----
Todd Burrell
Sent: Monday, June 04, 2018 3:27 PM
Subject: RACF protection of a volume
Hopefully this is not a stupid question - but is it possibly via RACF (maybe
with DASDVOL) to allow a particular system to have only read access to a DASD
volume? We have a need to possibly vary some devices onto a system in one
plex while it is being updated on another plex, so we would like to ensure
the one system cannot update the volume.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Rob Schramm
2018-06-04 23:17:36 UTC
Reply
Permalink
Raw Message
<damnthetopedos>
Are we not smart enough to deal with such things?

GRS special processing, hardware reserves, MIM..or for sysprogs.. just
being careful?

Should some restraint be exercised? Sure.. but let's not act like we are
just another server without ways to do just about anything ( some more
advisable than others ) we want!!
</damnthetopedos>

Rob Schramm
Post by Lizette Koehler
If you were not aware there is a RACF list that this question might also be posted to
To join, if you have not done so
RACF http://www.listserv.uga.edu/archives/racf-l.html
A side comment, I would not allow DASD Sharing between plexes. Within
members of a PLEX, yes. Between Plexes, no
Especially if there are any PDS/E datasets. Very dangerous.
Could you not use some sort of transfer process (Connect Direct, FTP, etc)
to move data between the environments?
Lizette
-----Original Message-----
Behalf Of
Todd Burrell
Sent: Monday, June 04, 2018 3:27 PM
Subject: RACF protection of a volume
Hopefully this is not a stupid question - but is it possibly via RACF
(maybe
with DASDVOL) to allow a particular system to have only read access to a
DASD
volume? We have a need to possibly vary some devices onto a system in
one
plex while it is being updated on another plex, so we would like to
ensure
the one system cannot update the volume.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Rob Schramm

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Walt Farrell
2018-06-04 23:45:21 UTC
Reply
Permalink
Raw Message
Post by Todd Burrell
Hopefully this is not a stupid question - but is it possibly via RACF (maybe with DASDVOL) to allow a particular system to have only read access to a DASD volume? We have a need to possibly vary some devices onto a system in one plex while it is being updated on another plex, so we would like to ensure the one system cannot update the volume.
General.answer: No, it's not possible.

Limited situation answer: Yes, if
(a) you're willing to write some RACF exits, and

(b) only want protection from data set creation/deletion and update via normal means (JCL, dynamic allocation, OPEN, etc.) via normal users, and

(c) don't care what your system programmers and/or storage administrators might do either with authorities like OPERATIONS or via other means such as ADRDSSU, ICKDSF, etc.
--
Walt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Burrell, Todd
2018-06-05 01:34:25 UTC
Reply
Permalink
Raw Message
As I said this was probably a stupid question. I suspect that from what I have seen MIM may be a solution, but we will look more.

Thanks for the info, Walt.




This email transmission and any accompanying attachments may contain CSX privileged and confidential information intended only for the use of the intended addressee. Any dissemination, distribution, copying or action taken in reliance on the contents of this email by anyone other than the intended recipient is strictly prohibited. If you have received this email in error please immediately delete it and notify sender at the above CSX email address. Sender and CSX accept no liability for any damage caused directly or indirectly by receipt of this email.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Mike Schwab
2018-06-05 02:37:18 UTC
Reply
Permalink
Raw Message
An SMS volume from a system without the volume defined to a storage
group is pretty darn resistant. But they generally don't need this
kind of treatment.
Post by Todd Burrell
Hopefully this is not a stupid question - but is it possibly via RACF (maybe with DASDVOL) to allow a particular system to have only read access to a DASD volume? We have a need to possibly vary some devices onto a system in one plex while it is being updated on another plex, so we would like to ensure the one system cannot update the volume.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Rob Schramm
2018-06-05 02:54:56 UTC
Reply
Permalink
Raw Message
Excellent point. I ran across this ( at the time it was a pesky problem )
which kept me from at least creating datasets on a SMS volume that's part
of another Cindy.

Rob Schramm
Post by Mike Schwab
An SMS volume from a system without the volume defined to a storage
group is pretty darn resistant. But they generally don't need this
kind of treatment.
Post by Todd Burrell
Hopefully this is not a stupid question - but is it possibly via RACF
(maybe with DASDVOL) to allow a particular system to have only read access
to a DASD volume? We have a need to possibly vary some devices onto a
system in one plex while it is being updated on another plex, so we would
like to ensure the one system cannot update the volume.
Post by Todd Burrell
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Mike A Schwab, Springfield IL USA
Where do Forest Rangers go to get away from it all?
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Rob Schramm

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Chris Hoelscher
2018-06-05 03:28:31 UTC
Reply
Permalink
Raw Message
How many Cindy's do you have?

Chris Hoelscher
Humana.com
(502) 476-2538 or 407-7266


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Rob Schramm
Sent: Monday, June 4, 2018 10:55 PM
To: IBM-***@LISTSERV.UA.EDU
Subject: Re: [IBM-MAIN] RACF protection of a volume

Excellent point. I ran across this ( at the time it was a pesky problem ) which kept me from at least creating datasets on a SMS volume that's part of another Cindy.

Rob Schramm

mail to ***@listserv.ua.edu with the message: INFO IBM-MAIN

The information transmitted is intended only for the person or entity to which it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information in error,
please contact the sender and delete or destroy the material/information.

Humana Inc. and its subsidiaries comply with applicable Federal civil rights laws and
do not discriminate on the basis of race, color, national origin, age, disability or
sex. Humana Inc. and its subsidiaries do not exclude people or treat them differently
because of race, color, national origin, age, disability or sex.

English: ATTENTION: If you do not speak English, language assistance services, free
of charge, are available to you. Call 1‐877‐320‐1235 (TTY: 711).

Español (Spanish): ATENCIÓN: Si habla español, tiene a su disposición servicios
gratuitos de asistencia lingüística. Llame al 1‐877‐320‐1235 (TTY: 711).

繁體中文(Chinese):注意:如果您使用繁體中文,您可以免費獲得語言援助
服務。請致電 1‐877‐320‐1235 (TTY: 711)。

Kreyòl Ayisyen (Haitian Creole): ATANSION: Si w pale Kreyòl Ayisyen, gen sèvis èd
pou lang ki disponib gratis pou ou. Rele 1‐877‐320‐1235 (TTY: 711).

Polski (Polish): UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej
pomocy językowej. Zadzwoń pod numer 1‐877‐320‐1235 (TTY: 711).

한국어 (Korean): 주의: 한국어를 사용하시는 경우, 언어 지원 서비스를 무료로
이용하실 수 있습니다. 1‐877‐320‐1235 (TTY: 711)번으로 전화해 주십시오.


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Rob Schramm
2018-06-06 12:08:57 UTC
Reply
Permalink
Raw Message
Stupid auto spell error... System. Apparently one more Cindy than I need
and certainly one more than I can correct before pressing "send"

Rob
Post by Chris Hoelscher
How many Cindy's do you have?
Chris Hoelscher
Humana.com
(502) 476-2538 or 407-7266
-----Original Message-----
Behalf Of Rob Schramm
Sent: Monday, June 4, 2018 10:55 PM
Subject: Re: [IBM-MAIN] RACF protection of a volume
Excellent point. I ran across this ( at the time it was a pesky problem )
which kept me from at least creating datasets on a SMS volume that's part
of another Cindy.
Rob Schramm
The information transmitted is intended only for the person or entity to
which it is addressed
and may contain CONFIDENTIAL material. If you receive this
material/information in error,
please contact the sender and delete or destroy the material/information.
Humana Inc. and its subsidiaries comply with applicable Federal civil rights laws and
do not discriminate on the basis of race, color, national origin, age, disability or
sex. Humana Inc. and its subsidiaries do not exclude people or treat them differently
because of race, color, national origin, age, disability or sex.
English: ATTENTION: If you do not speak English, language assistance services, free
of charge, are available to you. Call 1‐877‐320‐1235 (TTY: 711).
Español (Spanish): ATENCIÓN: Si habla español, tiene a su disposición servicios
gratuitos de asistencia lingüística. Llame al 1‐877‐320‐1235 (TTY: 711).
繁體中文(Chinese):注意:如果您使用繁體中文,您可以免費獲得語言援助
服務。請致電 1‐877‐320‐1235 (TTY: 711)。
Kreyòl Ayisyen (Haitian Creole): ATANSION: Si w pale Kreyòl Ayisyen, gen sèvis èd
pou lang ki disponib gratis pou ou. Rele 1‐877‐320‐1235 (TTY: 711).
Polski (Polish): UWAGA: Jeżeli mówisz po polsku, możesz skorzystać z bezpłatnej
pomocy językowej. Zadzwoń pod numer 1‐877‐320‐1235 (TTY: 711).
한국어 (Korean): 주의: 한국어를 사용하시는 경우, 언어 지원 서비스를 무료로
이용하실 수 있습니다. 1‐877‐320‐1235 (TTY: 711)번으로 전화해 주십시오.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Rob Schramm

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Marna WALLE
2018-06-07 21:33:06 UTC
Reply
Permalink
Raw Message
I was thinking of possibly another method that you could look at...how about making that volume have a READ-ONLY attribute in HCD? Read up on this, as there are some restrictions.

Marna WALLE
z/OS System Installation and Migration
IBM Poughkeepsie

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Rob Schramm
2018-06-07 23:38:43 UTC
Reply
Permalink
Raw Message
Nice.
Post by Marna WALLE
I was thinking of possibly another method that you could look at...how
about making that volume have a READ-ONLY attribute in HCD? Read up on
this, as there are some restrictions.
Marna WALLE
z/OS System Installation and Migration
IBM Poughkeepsie
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Rob Schramm

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Loading...