APF authorization or superuser authority is the keys to kingdom. Any program granted those privileges must be very carefully designed, written, and tested, and tested, and .... with paranoia. If there were granular types of authorization, it seems that you to should be able only grant a program the authority it needs to get its job done. Of course, it could too granular so that you're spending all your time trying to figure out what needs to be granted. However, somewhere between those two extremes there is bound to be a good compromise. Pinch me, I must be dreaming.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Paul Gilmartin Sent: Wednesday, April 07, 2010 2:56 PM To: [email protected] Subject: Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use On Wed, 7 Apr 2010 15:42:31 -0300, Clark Morris wrote: > >The second is the question of APF authorization. I believe that one >of the longer term goals should be to remove the need for APF >authorization from all utilities where at all possible. The >requirement that IEBCOPY be APF authorized probably should have been >removed 20 - 30 years ago since a competitive product seems to be able >to do without it. Should IDCAMS need to be APF authorized in order to >function. Is IEBCOPY the only reason that SMP/E needs to be APF >authorized? If not, can changes be made to eliminate the need? > No. There's also S99WTDSN. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
