On 3/10/2006 11:08 AM, Wayne Driscoll wrote:
> As Walt mentioned, ACEEs are not propagated (in retrospect, might not have
> been the best choice, but it's way too late in the game to change).

We changed it in the WLM server environment, where we felt we could
safely make such a change.

The original requirement for task-level security came from a server
environment that could guarantee it had a single level of task, and the
desire/need for propagation was not foreseen.

I'll also point out that setting up task-level security (as Miklos
wants) really only works, in any case, when the server only runs code
provided by the server. It does not work (due to lack of isolation
between users) if the server is running user-provided code.

In the cases where the server is running its own code, and is running
authorized, it can ensure either that (a) it does not do ATTACHes of
subtasks, or that (b) it re-establishes the proper security environment
after subsequent ATTACHes of subtasks.

But for the WLM case, we decided we could make the necessary processing
easier by doing the propagation.

Walt Farrell, CISSP
z/OS Security Design, IBM