Idea Details

Granular RACF protection for vantage

Last activity 2 days ago
Daniel Drayton's profile image
11-06-2019 11:28 AM

Our shop is currently fixated on security measures and "elevating" ourselves to do specific functions deemed risky.

 This means we have had to look at what vantage can "do" and lock away anything that can be deemed as a risk... the RACF that protects vantage is out of date 30+ years and with times changing i believe it's time to take a look at the SYSSSM.FUNC profiles and split up what objects they protect (add more profiles to protect certain actions/objects instead of sticking numerous functions under the control of one profile).

Currently with my standing access i'm unable to view certain things for example: "all scripts loaded", or the "run schedules" because the same RACF profile that protects them also protects the ability to create and run scripts which is deemed dangerous and requiring us to elevate our access via a change record and being connected to a RACF group which has that access. 

so basically I think the RACF for vantage seriously needs an overhaul because it's very out of date with todays business needs.