Giving access on a dataset for other user



Post by Sivapradeep » Thu May 10, 2012 8:05 pm

Hi,

I (TEST123) want to access a particular dataset of T12345 with READ access at the beginning of my program execution, and after finishing everything I want the READ access to be revoked on the dataset on which I acquired READ permissions in the beginning.

For this I wrote two JCLs, for getting READ access and revoking access:

//DATSETPR EXEC PGM=IKJEFT01,DYNAMNBR=20,REGION=512K
//SYSTSPRT DD SYSOUT=*                             
//SYSTSIN  DD  *                                   
  ADDSD 'T12345.OP.PS' UACC(NONE)                 
  PE  'T12345.OP.PS' ID(TEST123) ACCESS(NONE)     
//                                                 


For revoking the access I'm writing:
//DATSETPR EXEC PGM=IKJEFT01,DYNAMNBR=20,REGION=512K
//SYSTSPRT DD SYSOUT=*                             
//SYSTSIN  DD  *                                   
  DELDSD 'T12345.OP.PS'                 
//                                                 


My whole idea is to get READ access on T12345.OP.PS and to revoke that READ access at the end. Both have to be successful with MAXCC = 0.

Is what I wrote correct?
Sivapradeep
 
Posts: 35
Joined: Mon Mar 26, 2012 2:09 pm
Has thanked: 1 time
Been thanked: 1 time

Re: Giving access on a dataset for other user

Post by Robert Sample » Thu May 10, 2012 8:16 pm

"I (TEST123) want to access a particular dataset of T12345 with READ access at the beginning of my program execution, and after finishing everything I want the READ access to be revoked on the dataset on which I acquired READ permissions in the beginning."
Erroneous assumptions:
1) That RACF is designed to be used this way. It's not.
2) That you can grant yourself authority to a data set profile you do not currently have access to.
3) That there are no other protections that would override what you are attempting to do.
4) That there is some valid business reason you think you want one-time access to the data set.
5) That you can perform security functions at your shop without having a clue what you're doing.
Robert Sample
Global moderator
 
Posts: 3443
Joined: Sat Dec 19, 2009 8:32 pm
Location: Dubuque, Iowa, USA
Has thanked: 1 time
Been thanked: 242 times

Re: Giving access on a dataset for other user

Post by dick scherrer » Thu May 10, 2012 8:26 pm

This appears to be the same question as the "surrogate" topic. . .

This one is locked. . .

d
dick scherrer
Global moderator
 
Posts: 6304
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 92 times

