Why on earth would one write an SVC to put an address into authorized state when the SVC can do authorized stuff already.
I know that it isn't right. Everyone says very clearly NOT to do it. Besides the obvious, as Peter has pointed out, it is just something that you don't do, it is simply violating the "rules" of the system. I get that. Maybe that is simply enough reason. Racf or not. And, in my opinion (as a complete novice), a sandbox is no excuse. There was a Rexx assembler function that wrote SMF records. And it used the "magic" SVC. I quite easily converted it to use BPXSMF, and with all the proper RACF authorization. I didn't have to make _that_ many changes. My question was that if you have an SVC that does stuff, can it use RACF to check if a user has permissions? Based on your kind replies to my query, the answer is yes. One of these days I'll write my first PC routine. And you guys will very kindly help me. :-) (I hope) //*Lindy ________________________________________ From: IBM Mainframe Discussion List [[email protected]] On Behalf Of Shmuel Metz (Seymour J.) [[email protected]] Sent: 22 December 2010 15:51 To: [email protected] Subject: Re: Authorized Rexx Assembler Function An SVC that checks SAF and performs a narrowly delimited function if authorized is fine. An SVC that turns on JSCBAUTH is an invitation to disaster. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
