The argument that dynalloc is the problem strikes me as somewhat dubious. It was suggested that you need to restrict dynalloc because an allocated data set is a way to capture data that the user is already authorized to access.
That is not the "problem" statement; a data set might contribute to the possible bandwidth of an attack but it does not make the attack possible. If a user can access data, they can extract it in many ways (including writing it on a piece of paper). If a user can access data, the data should be considered exposed, to the extent that you do not trust the user. Peter Relson z/OS Core Technology Design
