Discussion:
BATCH Rename/delete PDS members w/STANDARD IBM utilities ONLY
Farley, Peter x23353
2004-05-14 23:05:37 UTC
Hi all,

I guess senility is setting in, but I thought for sure there was a way
(other than IEHPROGM and IKJEFT01/RENAME) to rename or delete PDS members
from a batch job. Problem with IEHPROGM is that it is, of course,
restricted use -- and I'm not on that authorization list. IKJEFT01/RENAME
is OK, I guess, but that's not really a batch utility, and you can't delete
members with TSO DELETE, just datasets. At least, that's what TSO HELP
says.

I've looked high and low in the manuals, and I can't seem to find anything
else, which is what leads me to suspect senility and/or blindness.

Outside of using IEHPROGM or IKJEFT01 and doing it as a series of TSO RENAME
commands, is there any other way (using IBM STANDARD utilities only -- i.e.,
not ISV, not CBT) to rename PDS members? (BTW, I have absolutely nothing
against CBT utilities, just a need to use only standard utilities in this
particular case.) And is there any way at all to delete PDS members?

TIA for helping out these old gray cells.

Peter

P.S. -- I did some more research in the ISPF manuals, and the ISPEXEC LM...
Services seem to have what I need, but I'm having some trouble invoking them
from batch with IKJEFT01 and a REXX exec. Here's what I've got so far. Any
help on setting it up correctly (i.e., so it works...) would be appreciated.

JCL:

//RENMTEST EXEC PGM=IKJEFT01
//TESTLIB2 DD DISP=OLD,DSN=userid.TEST.TESTLIB2
//STEPLIB DD DISP=SHR,DSN=SYS1.SISPLOAD
//SYSEXEC DD DISP=SHR,DSN=userid.TEST.EXEC
//SYSTSPRT DD SYSOUT=*
//SYSTSIN DD *
PROFILE MSGID
EXEC TEST(ISPFTEST) EXEC
//*

Contents of userid.TEST.EXEC(ISPFTEST):

/* REXX */
address ISPEXEC
'ISPEXEC LMINIT DATAID(TLIB2) DDNAME(TESTLIB2) '
'ISPEXEC LMOPEN DATAID(TLIB2) OPTION(OUTPUT) '
'ISPEXEC LMMDEL DATAID(TLIB2) MEMBER(ZTSTMEM1) '
'ISPEXEC LMMDEL DATAID(TLIB2) MEMBER(ZTSTMEM2) '
'ISPEXEC LMMDEL DATAID(TLIB2) MEMBER(ZTSTMEM3) '
'ISPEXEC LMMREN DATAID(TLIB2) MEMBER(DTSTMEM1) NEWNAME(ZTSTMEM1)'
'ISPEXEC LMMREN DATAID(TLIB2) MEMBER(OMTABLE1) NEWNAME(ZTSTMEM2)'
'ISPEXEC LMMREN DATAID(TLIB2) MEMBER(RTSTMEM3) NEWNAME(ZTSTMEM3)'
'ISPEXEC LMCOMP DATAID(TLIB2) '
'ISPEXEC LMCLOSE DATAID(TLIB2) '
'ISPEXEC LMFREE DATAID(TLIB2) '
return 0

Results on SYSTSPRT listing (sorry if this wraps):

1READY

PROFILE MSGID

READY

EXEC TEST(ISPFTEST) EXEC

3 *-* 'ISPEXEC LMINIT DATAID(TLIB2) DDNAME(TESTLIB2)
'
+++ RC(-3) +++

4 *-* 'ISPEXEC LMOPEN DATAID(TLIB2) OPTION(OUTPUT)
'
+++ RC(-3) +++

5 *-* 'ISPEXEC LMMDEL DATAID(TLIB2) MEMBER(ZTSTMEM1)
'
+++ RC(-3) +++

6 *-* 'ISPEXEC LMMDEL DATAID(TLIB2) MEMBER(ZTSTMEM2)
'
+++ RC(-3) +++

7 *-* 'ISPEXEC LMMDEL DATAID(TLIB2) MEMBER(ZTSTMEM3)
'
+++ RC(-3) +++

8 *-* 'ISPEXEC LMMREN DATAID(TLIB2) MEMBER(DTSTMEM1)
NEWNAME(ZTSTMEM1)'
+++ RC(-3) +++

9 *-* 'ISPEXEC LMMREN DATAID(TLIB2) MEMBER(OMTABLE1)
NEWNAME(ZTSTMEM2)'
+++ RC(-3) +++

10 *-* 'ISPEXEC LMMREN DATAID(TLIB2) MEMBER(RTSTMEM3)
NEWNAME(ZTSTMEM3)'
+++ RC(-3) +++

11 *-* 'ISPEXEC LMCOMP DATAID(TLIB2)
'
+++ RC(-3) +++

12 *-* 'ISPEXEC LMCLOSE DATAID(TLIB2)
'
+++ RC(-3) +++

_
This message and any attachments are intended only for the use of the addressee and
may contain information that is privileged and confidential. If the reader of the
message is not the intended recipient or an authorized representative of the
intended recipient, you are hereby notified that any dissemination of this
communication is strictly prohibited. If you have received this communication in
error, please notify us immediately by e-mail and delete the message and any
attachments from your system.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
ibm-main
2004-05-15 00:18:39 UTC
Post by Farley, Peter x23353
Hi all,
I guess senility is setting in, but I thought for sure there was a way
(other than IEHPROGM and IKJEFT01/RENAME) to rename or delete PDS members
from a batch job. Problem with IEHPROGM is that it is, of course,
restricted use -- and I'm not on that authorization list. IKJEFT01/RENAME
is OK, I guess, but that's not really a batch utility, and you can't delete
members with TSO DELETE, just datasets. At least, that's what TSO HELP
says.
Batch TSO works - for both.
Post by Farley, Peter x23353
From the TSO/E Command Ref !!!
"Use the DELETE command to delete one or more data set entries or one or
more members of a partitioned data set."

Never had a problem thinking of batch TSO as batch - KISS works for me.
You could also try IDCAMS for the deletes.

Shane ...

Greg Dorner
2004-05-15 00:40:42 UTC
You can delete a pds member by: delete 'data.set.name(member)'
under TSO.

Greg

Barry Schwarz
2004-05-15 09:54:50 UTC
I give up. What is it about IEHPROGM that would prompt one to restrict it?

"Farley, Peter x23353" <***@ADP.COM> wrote:

Hi all,

I guess senility is setting in, but I thought for sure there was a way
(other than IEHPROGM and IKJEFT01/RENAME) to rename or delete PDS members
from a batch job. Problem with IEHPROGM is that it is, of course,
restricted use -- and I'm not on that authorization list. IKJEFT01/RENAME
is OK, I guess, but that's not really a batch utility, and you can't delete
members with TSO DELETE, just datasets. At least, that's what TSO HELP
says.

Binyamin Dissen
2004-05-15 19:13:50 UTC
On Fri, 14 May 2004 19:11:11 -0400 "Farley, Peter x23353"
<***@ADP.COM> wrote:

:>P.S. -- I did some more research in the ISPF manuals, and the ISPEXEC LM...
:>Services seem to have what I need, but I'm having some trouble invoking them
:>from batch with IKJEFT01 and a REXX exec. Here's what I've got so far. Any
:>help on setting it up correctly (i.e, so it works...) would be appreciated.

:>JCL:

:>//RENMTEST EXEC PGM=IKJEFT01
:>//TESTLIB2 DD DISP=OLD,DSN=userid.TEST.TESTLIB2
:>//STEPLIB DD DISP=SHR,DSN=SYS1.SISPLOAD
:>//SYSEXEC DD DISP=SHR,DSN=userid.TEST.EXEC
:>//SYSTSPRT DD SYSOUT=*
:>//SYSTSIN DD *
:> PROFILE MSGID
:> EXEC TEST(ISPFTEST) EXEC

ISPF CMD(EXEC TEST(ISPFTEST) EXEC)

Of course, you will also have to allocate the ISPF libraries.

:>//*

--
Binyamin Dissen <***@dissensoftware.com>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Farley, Peter x23353
2004-05-16 03:19:08 UTC
Thanks Shane, I missed that description while looking at the syntax.

I do notice that there are *no* examples (or syntax even) for deleting a
member from a PDS. I guess we're supposed to intuit it or experiment with
throwaway PDS's until we get the syntax right.

Never thought of using IDCAMS. Then again, since TSO doc says TSO DELETE
has been replaced by IDCAMS DELETE, why not?

<*Sigh*> So much documentation, so little time.

Thanks again.

Peter
-----Original Message-----
Sent: Friday, May 14, 2004 8:22 PM
Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
utilities ONLY
<Snipped>
Batch TSO works - for both.
Post by Farley, Peter x23353
From the TSO/E Command Ref !!!
"Use the DELETE command to delete one or more data set
entries or one or more members of a partitioned data set."
Never had a problem thinking of batch TSO as batch - KISS
works for me. You could also try IDCAMS for the deletes.
Shane ...

Farley, Peter x23353
2004-05-16 03:20:32 UTC
Thanks Greg.
-----Original Message-----
Sent: Friday, May 14, 2004 8:44 PM
Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
utilities ONLY
You can delete a pds member by: delete 'data.set.name(member)'
under TSO.
Greg

Farley, Peter x23353
2004-05-16 03:22:55 UTC
You're asking the wrong person. That should be directed at sysprogs and
security administrators and auditors, not simple programmers like me. I
haven't a clue.

Peter
-----Original Message-----
Sent: Saturday, May 15, 2004 5:58 AM
Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
utilities ONLY
I give up. What is it about IEHPROGM that would prompt one
to restrict it?

Farley, Peter x23353
2004-05-16 03:25:44 UTC
AHA! (Picture of lightbulb going on here.) Thanks Binyamin, that was
enlightening.

Peter
-----Original Message-----
Sent: Saturday, May 15, 2004 3:17 PM
Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
utilities ONLY
<Snipped>
ISPF CMD(EXEC TEST(ISPFTEST) EXEC)
Of course, you will also have to allocate the ISPF libraries.

Bruce Hewson
2004-05-16 04:05:16 UTC
Since IEHPROGM update VTOCs directly....that is probably why it is
restricted.

:-)

On Sat, 15 May 2004 23:28:38 -0400, Farley, Peter x23353
Post by Farley, Peter x23353
You're asking the wrong person. That should be directed at sysprogs and
security administrators and auditors, not simple programmers like me. I
haven't a clue.
Peter
-----Original Message-----
Sent: Saturday, May 15, 2004 5:58 AM
Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
utilities ONLY
I give up. What is it about IEHPROGM that would prompt one
to restrict it?
<snip>

Regards
Bruce Hewson

Binyamin Dissen
2004-05-16 06:19:38 UTC
On Sat, 15 May 2004 23:05:10 -0500 Bruce Hewson <***@HOTMAIL.COM>
wrote:

:>Since IEHPROGM update VTOCs directly....that is probably why it is
:>restricted.

It uses SVC 26 like any other program can.

I remember in college (many years ago) where the administration hid the
IEHLIST and IEHPROGM programs to avoid student hacking. No problem - I wrote
my own simple version of IEHLIST, used CAMLST and OPEN TYPE=J, etc.

Protecting it is about as useful as protecting AMASPZAP, another favorite of
auditors.

:>On Sat, 15 May 2004 23:28:38 -0400, Farley, Peter x23353
:><***@ADP.COM> wrote:
:>
:>>You're asking the wrong person. That should be directed at sysprogs and
:>>security administrators and auditors, not simple programmers like me. I
:>>haven't a clue.

:>>Peter

:>>> -----Original Message-----
:>>> From: Barry Schwarz [mailto:***@ibm-main.lst
:>>> Sent: Saturday, May 15, 2004 5:58 AM
:>>> To: IBM-***@BAMA.UA.EDU
:>>> Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
:>>> utilities ONLY

:>>> I give up. What is it about IEHPROGM that would prompt one
:>>> to restrict it?

--
Binyamin Dissen <***@dissensoftware.com>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Gilbert Saint-Flour
2004-05-16 15:53:48 UTC
Post by Bruce Hewson
Since IEHPROGM update VTOCs directly....that is probably why it is
restricted.
Update VTOCs directly? Are you sure? AFAIK, IEHPROGM uses only standard
and documented system macros and services, such as LOCATE, CATALOG,
OBTAIN, SCRATCH, RENAME, OPEN and STOW. These services are available to
non-authorised user-written programs.

shmuel+ (Shmuel Metz , Seymour J.)
2004-05-17 10:42:43 UTC
Post by Bruce Hewson
Since IEHPROGM update VTOCs directly
Where did you get that idea from?

--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

Paul Gilmartin
2004-05-17 03:19:25 UTC
Date: Sun, 16 May 2004 09:19:23 +0300
:>Since IEHPROGM update VTOCs directly....that is probably why it is
:>restricted.
It uses SVC 26 like any other program can.
I remember in college (many years ago) where the administration hid the
my own simple version of IEHLIST, used CAMLST and OPEN TYPE=J, etc.
Protecting it is about as useful as protecting AMASPZAP, another favorite of
auditors.
Perhaps they could be distracted by sending them off to protect their
charges from the greater hazard of dihydrogen monoxide:

Linkname: Coalition to Ban Dihydrogen Monoxide Homepage
URL: http://www.circus.com/~no_dhmo/

-- gil
--
StorageTek
INFORMATION made POWERFUL

shmuel+ (Shmuel Metz , Seymour J.)
2004-05-17 10:42:33 UTC
Post by Farley, Peter x23353
I guess senility is setting in, but I thought for sure there was a
way (other than IEHPROGM and IKJEFT01/RENAME) to rename or delete PDS
members from a batch job.
Yes, one or two, depending on how you count them.

1. ISPF

2. IDCAMS. But the TSO DELETE and RENAME commands are just interfaces
to IDCAMS, so I don't know whether to count that.
Post by Farley, Peter x23353
Problem with IEHPROGM is that it is, of course, restricted use
Why "of course"? IEHPROGM doesn't do anything that you couldn't do
yourself.
Post by Farley, Peter x23353
and you can't delete members with TSO DELETE,
Of course you can.
Post by Farley, Peter x23353
P.S. -- I did some more research in the ISPF manuals, and the
ISPEXEC LM... Services seem to have what I need, but I'm having some
trouble invoking them from batch with IKJEFT01 and a REXX exec.
That's because you attempted to invoke ISPF services from outside of
ISPF. You have to invoke ISPSTART and call the services from within
the command you tell ISPSTART to execute. Also, you're missing a bunch
of required ISP.... allocations.
Post by Farley, Peter x23353
EXEC TEST(ISPFTEST) EXEC
ISPSTART CMD(ISPFTEST)

--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
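
Added example, not part of the original thread: a batch job along the lines of the reply above, running the member deletes and renames under ISPSTART with the ISP... libraries allocated. The ISP.SISP*ENU data set names, the temporary &&EXEC and &&PROF data sets and the return-code handling are assumptions to adjust per site; LMINIT stores the data ID in the variable TLIB2, so the later services are passed that variable's value.

```jcl
//* Added example: place after your own JOB statement.
//* Step 1 copies the exec into a temporary library so the job is
//* self-contained; an existing SYSEXEC library works equally well.
//MKEXEC   EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSUT2   DD DSN=&&EXEC(ISPFTEST),DISP=(NEW,PASS),UNIT=SYSDA,
//            SPACE=(TRK,(1,1,1)),DCB=(RECFM=FB,LRECL=80,BLKSIZE=3120)
//SYSUT1   DD DATA,DLM=@@
/* REXX: added example, run by ISPSTART CMD(ISPFTEST)              */
address ISPEXEC
"CONTROL ERRORS RETURN"        /* hand service errors back as rc   */
maxrc = 0
/* LMINIT puts the generated data ID into the variable TLIB2.      */
/* ENQ(EXCLU) matches the DISP=OLD on the TESTLIB2 DD.             */
"LMINIT DATAID(TLIB2) DDNAME(TESTLIB2) ENQ(EXCLU)"
if rc <> 0 then call finish rc, 'LMINIT'
"LMOPEN DATAID("tlib2") OPTION(OUTPUT)"
if rc <> 0 then do
  openrc = rc
  "LMFREE DATAID("tlib2")"
  call finish openrc, 'LMOPEN'
end
/* old/new member pairs taken from the exec in the original post   */
pairs = 'DTSTMEM1 ZTSTMEM1 OMTABLE1 ZTSTMEM2 RTSTMEM3 ZTSTMEM3'
do i = 1 to words(pairs) by 2
  oldn = word(pairs, i)
  newn = word(pairs, i + 1)
  "LMMDEL DATAID("tlib2") MEMBER("newn")"
  if rc > 8 then maxrc = max(maxrc, rc)   /* 8: was not there      */
  "LMMREN DATAID("tlib2") MEMBER("oldn") NEWNAME("newn")"
  say oldn '->' newn 'LMMREN rc='rc
  maxrc = max(maxrc, rc)
end
"LMCLOSE DATAID("tlib2")"
"LMFREE DATAID("tlib2")"
call finish maxrc, 'member maintenance'

finish:
  parse arg zispfrc, what
  say what 'ended with rc='zispfrc
  "VPUT (ZISPFRC) SHARED"      /* becomes the step return code     */
  exit zispfrc
@@
//* Step 2 runs the exec inside ISPF. ISPPROF is a throwaway
//* profile; the ISP.SISP*ENU names are assumed site defaults.
//RENMTEST EXEC PGM=IKJEFT01
//STEPLIB  DD DISP=SHR,DSN=SYS1.SISPLOAD
//SYSEXEC  DD DSN=&&EXEC,DISP=(OLD,DELETE)
//ISPPROF  DD DSN=&&PROF,DISP=(NEW,DELETE),UNIT=SYSDA,
//            SPACE=(TRK,(1,1,1)),DCB=(RECFM=FB,LRECL=80,BLKSIZE=3120)
//ISPPLIB  DD DISP=SHR,DSN=ISP.SISPPENU
//ISPMLIB  DD DISP=SHR,DSN=ISP.SISPMENU
//ISPSLIB  DD DISP=SHR,DSN=ISP.SISPSENU
//ISPTLIB  DD DISP=SHR,DSN=ISP.SISPTENU
//ISPLOG   DD SYSOUT=*,DCB=(RECFM=VA,LRECL=125,BLKSIZE=129)
//TESTLIB2 DD DISP=OLD,DSN=userid.TEST.TESTLIB2
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  PROFILE MSGID
  ISPSTART CMD(ISPFTEST)
/*
```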

Rick Fochtman
2004-05-17 12:05:17 UTC
-------------------------<snip>-------------------------
I give up. What is it about IEHPROGM that would prompt one to restrict it?
---------------------<unsnip>-------------------------
SCRATCH VTOC,.....

Binyamin Dissen
2004-05-17 13:34:06 UTC
On Mon, 17 May 2004 07:04:47 -0500 Rick Fochtman
<***@CLEARINGCORP.COM> wrote:

:>-------------------------<snip>-------------------------
:>I give up. What is it about IEHPROGM that would prompt one to restrict it?
:>---------------------<unsnip>-------------------------
:> SCRATCH VTOC,.....

I believe it does a series of SVC 26's.

Do you have other information?

--
Binyamin Dissen <***@dissensoftware.com>
http://www.dissensoftware.com

Director, Dissen Software, Bar & Grill - Israel

Bruce Black
2004-05-17 13:44:51 UTC
Post by Binyamin Dissen
I believe it does a series of SVC 26's.
FYI, SVC 26 is CATALOG. SVC 29 is SCRATCH. so in this case IEHPROGM
would issue SVC 29 (or possibly CVAF macros).

--
Bruce A. Black
Senior Software Developer for FDR
Innovation Data Processing 973-890-7300
personal: ***@fdrinnovation.com
sales info: ***@fdrinnovation.com
tech support: ***@fdrinnovation.com
web: www.innovationdp.fdr.com

Binyamin Dissen
2004-05-17 13:56:04 UTC
On Mon, 17 May 2004 09:44:37 -0400 Bruce Black <***@FDRINNOVATION.COM>
wrote:

:>>I believe it does a series of SVC 26's.

:>FYI, SVC 26 is CATALOG. SVC 29 is SCRATCH. so in this case IEHPROGM
:>would issue SVC 29 (or possibly CVAF macros).

How sloppy of me.

--
Binyamin Dissen <***@dissensoftware.com>
http://www.dissensoftware.com

shmuel+ (Shmuel Metz , Seymour J.)
2004-05-18 13:22:42 UTC
Post by Bruce Black
FYI, SVC 26 is CATALOG. SVC 29 is SCRATCH. so in this case IEHPROGM
would issue SVC 29 (or possibly CVAF macros).
That depends on what you specify. If you give it the volser then it
only needs SCRATCH; if you don't then it needs both SVC 29 and SVC 26.

--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

Bruce Black
2004-05-17 13:36:43 UTC
Post by Rick Fochtman
SCRATCH VTOC,.....
So IEHPROGM SCRATCH VTOC scratches all datasets on a volume. I can do
that with IDCAMS or JCL. IEHPROGM just makes it easier. Note that it
doesn't scratch VSAM (it doesn't exactly say so, but it does say it
doesn't scratch datasets protected by a password, and VSAM has the
password flag on).

Bruce Black

Walt Farrell
2004-05-18 10:35:16 UTC
Post by Rick Fochtman
-------------------------<snip>-------------------------
I give up. What is it about IEHPROGM that would prompt one to restrict it?
---------------------<unsnip>-------------------------
SCRATCH VTOC,.....
You should find that the user's authority to all the data sets is
checked. Thus, if the user can do it via IEHPROGM he can also do it via
any other utility, one data set at a time.

I know of no reason to protect that utility.

--
Walt Farrell, z/OS Security Server Design, IBM

shmuel+ (Shmuel Metz , Seymour J.)
2004-05-18 13:22:31 UTC
In <***@ccbe01.wnclients.com>, on
05/17/2004
Post by Rick Fochtman
SCRATCH VTOC,.....
Goes through normal RACF checking; you can't scratch anything with
IEHPROGM that you couldn't scratch without it. If you mean that it's a
fast way to delete a lot of your own data sets, the same is true of
any facility that allows wildcards.

--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)

Rick Fochtman
2004-05-18 11:52:27 UTC
------------------------<snip>---------------------
It looks to me that you think the only danger is an APARable integrity
exposure. I assure you, I have enough RACF authority to be of danger
to myself and others, and I tend to think in terms of dataset-oriented
processes rather than volume-oriented processes. I should be allowed
nowhere near IEH utilities. That would be tantamount to painting
large targets on my feet and the feet of those around me.

Ok. I hopefully know enough to be careful, but should those in
charge of system integrity depend on that? Probably not.
------------------------<unsnip>----------------------------------
I disagree with that conclusion. Those of us in charge of system integrity
got there by exercising good judgement and common sense, as well as an
awareness of the responsibilities we hold. We need to demonstrate those
qualities on a regular basis, to prove that we're worthy of the positions
we hold.

Bob Shannon
2004-05-18 11:54:08 UTC
I should be allowed nowhere near IEH utilities.
Protect the data. Not the utility.

Bob Shannon

Rick Fochtman
2004-05-18 12:00:55 UTC
--------------------------<snip>-------------------
You should find that the user's authority to all the data sets is
checked. Thus, if the user can do it via IEHPROGM he can also do it via
any other utility, one data set at a time.

I know of no reason to protect that utility.
------------------------<unsnip>-------------------------
I don't either, but in my experience, it drives auditors wild! <G> Same as
AMASPZAP!

McKown, John
2004-05-18 13:08:21 UTC
-----Original Message-----
Sent: Tuesday, May 18, 2004 7:00 AM
Subject: Re: BATCH Rename/delete PDS members w/STANDARD IBM
utilities ONLY
--------------------------<snip>-------------------
You should find that the user's authority to all the data sets is
checked. Thus, if the user can do it via IEHPROGM he can
also do it via
any other utility, one data set at a time.
I know of no reason to protect that utility.
------------------------<unsnip>-------------------------
I don't either, but in my experience, it drives auditors
wild! <G> Same as
AMASPZAP!
That's because most (not all) auditors today are "legalists". They have a
"check off" sheet of "problem areas" that they use. They have NO idea why
the entry is on this list. They just want it checked off. Hum, reminds me of
the point-n-click boys.

The worst request that I ever got from an auditor was something like: "List
every possible exit available in MVS and all installed program products. Go
into detail as to what can be done with said exits."


--
John McKown
Senior Systems Programmer
UICI Insurance Center
Applications & Solutions Team

This message (including any attachments) contains confidential information
intended for a specific individual and purpose, and its' content is
protected by law. If you are not the intended recipient, you should delete
this message and are hereby notified that any disclosure, copying, or
distribution of this transmission, or taking any action based on it, is
strictly prohibited.
