> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:[email protected]] On Behalf Of Tony @ Comcast > Sent: Friday, April 23, 2010 10:13 AM > To: [email protected] > Subject: Re: Turning on ACF2 SECURITY Privilege through an exit . . . > > Is this Friday humor or am I misinterpreting the question? > What's the point > of "losing it" after they log off. How could they possibly > access anything > after they log off (unless they submitted some batch jobs > while logged on?). > Should their batch jobs lose their authorization after EOJ? > > Where's my caffeine ?
Sounds to me more like: "When the user logs onto <this special app>, then they need to have <security authority> while they are logged via <this special app>." Which, to me, is similar to the PADS (WHEN(program)) for a user to have a specific authority to a dataset, but only when accessed via a specific program. Or, the user can do <something special>, but only via a specific application, while logged onto that application. An example might be: User BOZO normally has NONE access to profile SUPERUSER.PROCESS.KILL in the UNIXPRIV class. However, when BOZO logs onto the SYSMGR application, then they need to be granted READ access to that profile so that, from that application, they can do a KILL on any UNIX process. Of course, the OP might want to rephrase his question to be more like: "User BOZO cannot usually do <something> because they need access to <some profile>. However, we want BOZO to be able to do <something> while logged on to <application>. How can we grant BOZO the ability to do this?" If this were a UNIX process, what I'd say is that BOZO needs to have eXecute authority via an ACL to a setuid UNIX program. BOZO could then invoke the required UNIX program, which could do <something> because it, due to the setuid, would be executing under a different UNIX identity which would have the required access. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell [email protected] * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html

