On Mon, 5 Apr 2010 15:43:18 -0500 Martin Kline <[email protected]> wrote:
:>>You do not give them access to the target or distribution libraries. :>>That would prevent APPLY/ACCEPT. :>But you would give the same people update access to the PTS and CSI? :>Wouldn't that just make it possible for a determined person to create or :>modify a PTF so that the authorized person can implement it for them? :>For example, it would be fairly simple for a trained person to modify SMP input :>for a HIPER PTF to add JCLIN and a new CSECT that replaces almost any SVC :>on the system. They receive it to the PTS, the systems programmer installs :>the modified PTF, and unknowingly implements whatever security hole the :>originator wants. If he has access to the PTS or the RELFILEs he can do that already. Explain how granular access to SMP adds to security of the above datasets. :>For me, the SMP libraries are at most read only for anyone except the systems :>programmers. Agree. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
