Access level of fetch prevents reading, therefore copying. -----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Ed Gould Sent: Thursday, February 16, 2006 10:18 PM To: [email protected] Subject: Re: Redirecting Software Functionality
On Feb 16, 2006, at 10:07 PM, tony babonas wrote: > I hasten to clarify, we restrict program usage, in our > case SAS, by restricting the load library from which it > is executed, for example our permission was written as > follows: > > TSS PER( SASPROF ) DSN( HLQ.SAS.LOADLIB ) ACCESS(FETCH) > SYSID(ESYS) > > Since our search algorithm is "merge, all merge" users > of SASPROF can only execute load modules from this > file, via only 1 lpar. Shops using "override, allover" > would be required to place SASPROF as the first profile > for each of its users. > > Sorry for the initial misstatement. > > tb Tony, I think SAS requires APF authorized library which you can control as well . If someone copies "sasprof" to another library(and renames it) (along with any other modules) and the SAS program doesn't need (apf) authorization it is still wide open, no? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
