Shared User



All about SAF, RACF, encryption, Firewall, Risk assessment and integrity concepts

Shared User

Postby hakghen » Thu Mar 25, 2010 6:37 pm

Hello fellow friends,

Just a question (and if possible, means to do it, parameters, etc). Is it possible to create a user in RACF that can have its access shared? By shared, I mean, multiple operators accessing that user at the same time? Sure they won't have alter or write access to anything, having only read access to very limited resources.

Well, that's it, thanks in advance ;)
[]'s,

Hakghen
User avatar
hakghen
 
Posts: 59
Joined: Thu Sep 11, 2008 8:15 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Shared User

Postby Robert Sample » Thu Mar 25, 2010 7:17 pm

Your question is too fuzzy to answer as stated. What do you mean by
multiple operators accessing that user at the same time?
Are you talking about multiple simultaneous TSO signons? Are you talking about multiple batch jobs using the the same RACF user id? Are you talking about console operators signing onto a terminal session manager?
Robert Sample
Global moderator
 
Posts: 3720
Joined: Sat Dec 19, 2009 8:32 pm
Location: Dubuque, Iowa, USA
Has thanked: 1 time
Been thanked: 279 times

Re: Shared User

Postby hakghen » Thu Mar 25, 2010 8:10 pm

I meant multiple TSO logons at the same time ;)
[]'s,

Hakghen
User avatar
hakghen
 
Posts: 59
Joined: Thu Sep 11, 2008 8:15 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Shared User

Postby enrico-sorichetti » Thu Mar 25, 2010 8:36 pm

NO cannot be done
cheers
enrico
When I tell somebody to RTFM or STFW I usually have the page open in another tab/window of my browser,
so that I am sure that the information requested can be reached with a very small effort
enrico-sorichetti
Global moderator
 
Posts: 3003
Joined: Fri Apr 18, 2008 11:25 pm
Has thanked: 0 time
Been thanked: 164 times

Re: Shared User

Postby Constad » Thu Mar 25, 2010 9:36 pm

As Enrico stated, this isn't possible, but that isn't a RACF restriction, it's TSO that prevents this.

Dave
Constad
 
Posts: 4
Joined: Mon Feb 15, 2010 4:22 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Shared User

Postby dick scherrer » Fri Mar 26, 2010 1:22 am

Hello,

Is it possible to create a user in RACF that can have its access shared? By shared, I mean, multiple operators accessing that user at the same time?
This violates a very basic security "rule" most places. . .

Suggest conversation with the security admins would be productive. . .
Hope this helps,
d.sch.
User avatar
dick scherrer
Global moderator
 
Posts: 6268
Joined: Sat Jun 09, 2007 8:58 am
Has thanked: 3 times
Been thanked: 93 times

Re: Shared User

Postby hakghen » Fri Mar 26, 2010 11:14 am

Hello friends!

Yeah, after reading some basics I just found out... Noobish of mine :? It's a TSO limitation because every logon procedure runs on its own address space =/

Gotta find another way to do what I was planning to do. I was going to create a series of datasets and users would access and view them, but in the end they would need to write down and find the correct order of the sentence (they would find members with unconnected words inside them).

Is there another way to do it? (Via FTP or Telnet access...)

Well, thanks anyway!
[]'s!!
[]'s,

Hakghen
User avatar
hakghen
 
Posts: 59
Joined: Thu Sep 11, 2008 8:15 pm
Has thanked: 0 time
Been thanked: 0 time

Re: Shared User

Postby Robert Sample » Fri Mar 26, 2010 4:58 pm

Consult with your site security group. It should be possible for them to set up a high level qualifier with a universal access of READ which would allow anyone with TSO access to look at the data sets under that HLQ.
Robert Sample
Global moderator
 
Posts: 3720
Joined: Sat Dec 19, 2009 8:32 pm
Location: Dubuque, Iowa, USA
Has thanked: 1 time
Been thanked: 279 times


Return to Mainframe Security

 


  • Related topics
    Replies
    Views
    Last post