Re: Heads Up: APAR IO11698 - New SAF FACILITY class definition required for any SMP/E use

[R.S.]

W dniu 2010-04-13 21:32, Elardus Engelbrecht pisze:
Walt Farrell wrote:
Binyamin Dissen wrote:

:>Users who are granted access to these resources have the potential to
undermine system security regardless of any data set protections you may
have in place.
Now that IS scary. It seems to imply that SMP bypasses data set security.

No, it does not imply that.  You may, of course, infer that, but you'd be
wrong :)

It is the CALLER of RACF, for example in this case, SMP/E, which may or may
not bypass data set security!

Think, for example, DFDSS which bypass normal checks if you have access to
ADMINISTRATOR keyword on some of its commands via some STGADMIN
profiles in class FACILITY.

Bad example. Or rather good example but proves different opinion. DSS do 
bypass normal dataset check, but it's NOT resource manager for DATASET 
class.

--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 0000025237
NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2009 r. kapita zakadowy BRE Banku SA (w caoci 
wpacony) wynosi 118.763.528 zotych. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchway XXI WZ z dnia 16 marca 
2008r., oraz uchway XVI NWZ z dnia 27 padziernika 2008r., moe ulec 
podwyszeniu do kwoty 123.763.528 z. Akcje w podwyszonym kapitale zakadowym 
BRE Banku SA bd w caoci opacone.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html