ACF2

 View Only

  • 1.  GSO NOTEMPDSN --> TEMPDSN change

    Posted Jun 14, 2019 01:01 PM
    ​When making this GSO change (NOTEMPDSN to TEMPDSN), has anyone run into an "gotcha's"?  Any process to follow, etc.?

    ------------------------------
    Barry Schrager
    Vice President
    Bank of America
    ------------------------------


  • 2.  RE: GSO NOTEMPDSN --> TEMPDSN change
    Best Answer

    Broadcom Employee
    Posted Jun 14, 2019 05:14 PM

    Hi Barry,

    Apart from writing rules for access to temporary datasets, there are no

    other implications or cotchas.

    regards,
    Ross

    ACF2

    Broadcom Support


    Original Message


  • 3.  RE: GSO NOTEMPDSN --> TEMPDSN change

    Posted Jun 17, 2019 03:55 PM

    Ross,

     

    What rules for temporary datasets are you talking about?

     

    Thanks,

     

    Barry

     

     

    Barry Schrager

    VP – Specialist, Information Security

    Barry.Schrager@BofA.com

    (970) 331-1143

     




    Original Message


  • 4.  RE: GSO NOTEMPDSN --> TEMPDSN change

    Broadcom Employee
    Posted Aug 14, 2019 12:34 PM
    Hi Barry,
    According to documentation 
    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-mainframe-software/security/ca-acf2-for-z-os/16-0/administrating/administer-records/global-system-option-records-gso/ca-acf2-options-specifications-opts.html
    TEMPDSN|
    NOTEMPDSN
     
    Specifies whether CA ACF2 should enable temporary data set protection. Normally, temporary data sets can only be accessed by the job using them. However, in some cases, temporary data sets can be left allocated on a storage device after the job has terminated. CA ACF2 rules cannot be easily written to protect temporary data sets because the high-level qualifier of such data sets is dynamic.
    Default:
     NOTEMPDSN
    TEMPDSN lets you protect temporary datasets allocated to DASD. When this option is enabled, only the job that created the temporary data set can access it. If CA ACF2 detected a user accessing a temporary data set which the user does not own, normal data set access validation occurs. A user must have the NON-CNCL or similar privilege to scratch such data sets.

    Please let me know if you have any futher questions on this subject.
    regards,
    Ross
    Original Message