On Wed, 22 Jun 2011 14:13:07 -0400, DanD <[email protected]> wrote:
>What IDCAMS function requires authorization? > >I wrote a program that uses SVC 26 to simulate IDCAMS "DELETE xxx ALIAS" and >it worked without any authorization. >Yes, I know...the SVC 26 parameter list is not documented for customer use. > >The only request that I have run into that requires authorization is >SUPERLOCATE to obtain all the volumes for a given data set. >Even that can be circumvented by issuing a regular LISTCAT with an >appropriate CTGFL and a large format 2 work area. I know that DELETE ... ALIAS requires (or required) APF-authorization; I don't know why. We've seen several customer PMRs where TSO users couldn't use DELETE to delete an alias because their TSO/E parmlib info didn't have DELETE specified to run with APF authorization. I believe that some other functions of IDCAMS also require APF authorization, but I don't know which ones (nor, again, what they're doing that requires it). -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
