Shared User

All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts
Post Reply Previous topicNext topic
User avatar
hakghen
Posts: 59
Joined: Thu Sep 11, 2008 8:15 pm
Skillset: Junior level on z/OS basic tools, DB2, CICS and WebSphere MQ. Also some knowledge on JCL, REXX, Assembler and some other programming languages.

I also know how to make a good coffee and fry eggs, lol =P
Referer: Google
Contact:
Contact hakghen

Shared User

Postby hakghen » Thu Mar 25, 2010 6:37 pm

Hello fellow friends,

Just a question (and if possible, means to do it, parameters, etc). Is it possible to create a user in RACF that can have its access shared? By shared, I mean, multiple operators accessing that user at the same time? Sure they won't have alter or write access to anything, having only read access to very limited resources.

Well, that's it, thanks in advance ;)
[]'s,

Hakghen
Top
Robert Sample
Global moderator
Posts: 3720
Joined: Sat Dec 19, 2009 8:32 pm
Skillset: Systems programming, SAS, COBOL, CICS, JCL, SMS, VSAM, etc.
Referer: other forum
Location: Dubuque, Iowa, USA

Re: Shared User

Postby Robert Sample » Thu Mar 25, 2010 7:17 pm

Your question is too fuzzy to answer as stated. What do you mean by
multiple operators accessing that user at the same time?
Are you talking about multiple simultaneous TSO signons? Are you talking about multiple batch jobs using the the same RACF user id? Are you talking about console operators signing onto a terminal session manager?
Top
User avatar
hakghen
Posts: 59
Joined: Thu Sep 11, 2008 8:15 pm
Skillset: Junior level on z/OS basic tools, DB2, CICS and WebSphere MQ. Also some knowledge on JCL, REXX, Assembler and some other programming languages.

I also know how to make a good coffee and fry eggs, lol =P
Referer: Google
Contact:
Contact hakghen

Re: Shared User

Postby hakghen » Thu Mar 25, 2010 8:10 pm

I meant multiple TSO logons at the same time ;)
[]'s,

Hakghen
Top
enrico-sorichetti
Global moderator
Posts: 3006
Joined: Fri Apr 18, 2008 11:25 pm
Skillset: tso,rexx,assembler,pl/i,storage,mvs,os/390,z/os,
Referer: www.ibmmainframes.com

Re: Shared User

Postby enrico-sorichetti » Thu Mar 25, 2010 8:36 pm

NO cannot be done
cheers
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
Top
Constad
Posts: 4
Joined: Mon Feb 15, 2010 4:22 pm
Skillset: RACF
Referer: Colleagues and peers

Re: Shared User

Postby Constad » Thu Mar 25, 2010 9:36 pm

As Enrico stated, this isn't possible, but that isn't a RACF restriction, it's TSO that prevents this.

Dave
Top
User avatar
dick scherrer
Global moderator
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am

Re: Shared User

Postby dick scherrer » Fri Mar 26, 2010 1:22 am

Hello,

Is it possible to create a user in RACF that can have its access shared? By shared, I mean, multiple operators accessing that user at the same time?
This violates a very basic security "rule" most places. . .

Suggest conversation with the security admins would be productive. . .
Hope this helps,
d.sch.
Top
User avatar
hakghen
Posts: 59
Joined: Thu Sep 11, 2008 8:15 pm
Skillset: Junior level on z/OS basic tools, DB2, CICS and WebSphere MQ. Also some knowledge on JCL, REXX, Assembler and some other programming languages.

I also know how to make a good coffee and fry eggs, lol =P
Referer: Google
Contact:
Contact hakghen

Re: Shared User

Postby hakghen » Fri Mar 26, 2010 11:14 am

Hello friends!

Yeah, after reading some basics I just found out... Noobish of mine :? It's a TSO limitation because every logon procedure runs on its own address space =/

Gotta find another way to do what I was planning to do. I was going to create a series of datasets and users would access and view them, but in the end they would need to write down and find the correct order of the sentence (they would find members with unconnected words inside them).

Is there another way to do it? (Via FTP or Telnet access...)

Well, thanks anyway!
[]'s!!
[]'s,

Hakghen
Top
Robert Sample
Global moderator
Posts: 3720
Joined: Sat Dec 19, 2009 8:32 pm
Skillset: Systems programming, SAS, COBOL, CICS, JCL, SMS, VSAM, etc.
Referer: other forum
Location: Dubuque, Iowa, USA

Re: Shared User

Postby Robert Sample » Fri Mar 26, 2010 4:58 pm

Consult with your site security group. It should be possible for them to set up a high level qualifier with a universal access of READ which would allow anyone with TSO access to look at the data sets under that HLQ.
Top
Post Reply Previous topicNext topic
  • Similar Topics
    Replies
    Views
    Last post

Return to “Mainframe Security”