On Mon, 20 Jun 2011 10:24:10 -0400, Shmuel Metz (Seymour J.) <[email protected]> wrote:
>In <listserv%[email protected]>, on 06/20/2011 > at 07:21 AM, Walt Farrell <[email protected]> said: > >>One caveat, though: some functions of DELETE require >>APF-authorization, and a non-APF program would not be able to call >>IDCAMS to perform those functions. > >If it's running under TSO and IDCAMS is in the authorized call list >then it can. True, but not if it simply LINKs or ATTACHes IDCAMS (which might be the immediate choice of most programmers). It would have to use IKJEFTSR, and then it would only work if running under TSO (foreground or background). -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
