IBM Mainframe Forum

Hello Team,

I want to protect a user data set with RACF without being system-special authority. Please help me.

Thanks,
xy09.

Contact your site security person. If you don't have the authority to issue RACF commands, you need to get that person to issue the commands for you.

As Mr. Sample says, even if you can issue the RACF commands, there are so many options and ways to do this you are much better off getting assistance from the "pros." Hopefully they will do things the correct way for your site and set up the protection the way you want it done.

Dear XY09,

If not System Special can you please try having group special(Incase if the intended user is under your default group). You can issue ADDSD to protect your dataset but this access to be in effect then the RACF system programmers have to issue SETR GENERC(DATASET) REFR.

if the TS had had the need to know/do then the TS would not have had the need to ask
the setup would already have been done by the security support group
denying on Your/his/her access to datasets without the proper authorizations is usually cause for lawful termination !

I wonder why so many times some people just look at the lowly technicalities and completely
disregard/forget the organization/legal implications

I wonder why so many times some people just look at the lowly technicalities and completely
disregard/forget the organization/legal implications

Maybe because they want to protect the work they do, despite the fact that they are developing that work for their employer, on their employer's system, using their employer's resources, and getting paid by the employer?

jaggz wrote:Dear XY09,

If not System Special can you please try having group special(Incase if the intended user is under your default group). You can issue ADDSD to protect your dataset but this access to be in effect then the RACF system programmers have to issue SETR GENERC(DATASET) REFR.

Perhaps. However, it is extremely unlikely the TS has SETROPTS authority, and if he does the ADDSD wrong - all too likely - his user won't get the access he needs OR he'll screw up the ability of storage management to manage the data OR both.

In any event, ADDSD may not be necessary; if he's lucky some other command may be appropriate. Regardless, the TS can all too easily do it wrong. Better to go to people that hopefully will do it right the first time. That way his A is covered.

I wonder how an unprotected dataset got onto the system in the first place. Doesn't every site protect by default? If not - why bother!

It's not known whether the data is protected, or if the user does not have access. Two different issues.