That's interesting ! Thanks. You're right that C-S would not permit an anything in their system that would compromise security. They are managed very conservatively, which is why they suffered a lot less than the other major banks. They're also very serious about auditing and unlike most places, rectify the faults that audits turn up.
Regards, Jon IBM Certified zSeries Technical Specialist, Senior Systems Programmer RDO Americas - Workspace Security D: 212-325-4714 M: 519-500-7927 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Brian Peterson Sent: Friday, April 23, 2010 4:38 PM To: [email protected] Subject: Re: Turning on ACF2 SECURITY Privilege through an exit . . . My opinion.... There are bits in control blocks which will allow the access you seek. An exit, such as an ACF2 exit, would have authority to fiddle with those bits. The control block(s) involved are protected by storage protect key - thus to fiddle with those bits requires APF authorization and/or supervisor state. In other words, an overt customer action would be required to allow this to happen - an overt action to bypass integrity controls. In my opinion, a system upon which such an exit was permitted to be installed would be a system which cannot comply with IBM's Statement of Integrity for z/OS, and thus the advice from many on this list to you is absolutely correct. DO NOT TRY TO DO THIS. If you do so, you are compromising the integrity of your entire z/OS operating system. Given your email address, I would think your organization would not tolerate such a compromise - a deliberate circumvention of z/OS integrity which we on this list believe cannot be mitigated against. Brian On Fri, 23 Apr 2010 10:55:52 -0400, Bathmaker, Jon wrote: >Hi All, > >We have a need to grant security to a class of users they log on to a >specific app. We want them to lose it when they log off. > >Ideally there will be a nice exit somewhere where we can set the >security bit in memory just after the user has logged onto the app. >Thanks. > >Best Regards, >Jon Bathmaker ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html =============================================================================== Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html =============================================================================== ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
