On Thu, 12 Jan 2012 21:32:52 +0000, Henke, George <george.he...@hp.com> wrote:
>It looks at it in addition, either before or after (still getting the facts) >going through the normal ACF2 validation process. > >Evidently to avoid the huge SAF call overhead of 1000's of SAF calls when >1000's of users all try to sign on at the same time and each one needs to be >verified access to 100's of applications. > >This would generate 1000's of SAF calls. The overhead would be prohibitive. > >So they created a workaround by putting the applications each user can access >into a batch file which the NETMENU session manager will access once per user >to validate the applications a particular user can access. > >It is a non-SAF ancillary not a substitute process wrt ACF2. > So maybe the ACF2 Pre-Validation exit is doing this? You can do similar things in RACF. If that is the case then the conversion to RACF missed considering the functionality in the ACF2 exit(s). What is your role / function in this? Security admin? It doesn't sound like you are the system programmer or one that has access to the source code and functions of this home grown session manager. Since it is home grown software, the answer probably will have to come from someone in-house who has access to the source code and understands what's being done working together with the sysprogs. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:m...@mzelden.com Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN