IBM Mainframe Forum

by **chinkump** » Thu Apr 04, 2013 9:22 am

Robert Sample wrote:chinkump, site security policies are generally set to allow access to protected resources (such as data sets) to those who need that access and prevent access to those who do not need the access. You have posted on this forum a number of questions basically asking how to bypass security at your site. Either you are attempting to do things you have been asked to do (in which case your solution is to go to your manager and get your access changed to allow you to do things like HRECALL on data sets), or you are attempting to do things that you are not allowed to do (in which the site security policy is working precisely as it is intended to do).

Asking for help in breaking site security on a forum is NOT a career-enhancing move. You need to either talk to your manager to be granted more access, or stop trying to access things you are not allowed to do at your site, or find a different job. The number and tone of the posts you have made raise questions about your true goals and definintely you should be addressing your issues with your site security group and / or site maangement, not us.

by **enrico-sorichetti** » Thu Apr 04, 2013 11:12 am

I am trying to be proactive, and warn about and then deny the security violation happens !

while I agree with being proactive - just to add some more protection for the fat fingers syndrome

Your second objective is inconsiderate, since Your approach is not certified by the audit group
You are not in the position to deny anything, RACF reigns .
( there are gazillions of dat sets protected, and It will be difficult to keep in sync Your table with RACF )
so You should expect some violations

on the other side too many violations are just a symptom of carelessness of the users.

by **Robert Sample** » Thu Apr 04, 2013 2:33 pm

If I were a member of the site security group at your site, and I heard what you are trying to do, your employment would not last long. Call it "proactive" or whatever you want to call it -- you are wanting to prevent security access violation messages when a security access violation occurs, and that is attempting to bypass the security software's functions, period. No auditor I have worked with would sanction such activity as it goes counter to a number of principles of data center operation.

by **enrico-sorichetti** » Thu Apr 04, 2013 2:45 pm

you are wanting to prevent security access violation messages when a security access violation occurs,

there is a language barrier here ...
the TS does not want to hide the message, he simply wants to prevent access himself
a quick and dirty remedy for the fat finger syndrome

and when I said

it seems to me that the TS is trying to be proactive, and warn about and then deny the access before it happens !

he confirmed it

and the best way to do it is not even to show the datasets in the datasets list using the proper ISPF exit
what You do not see it does not bite You in the ***

IBM Mainframe Forum

Alternatives of HRECALL and I

Re: Alternatives of HRECALL and I

Re: Alternatives of HRECALL and I

Re: Alternatives of HRECALL and I

Re: Alternatives of HRECALL and I