> Odd question. Is it possible to have APF/LNKLST libraries reported > or locatable by the RACF DSMON (Data Security Monitor) report, but > not listed in the SYS1.PARMLIB(PROG00) member?
Sure. Anything that was added dynamically is not going to show up in your PROG member. You can add both APF and linklist libraries via the SETPROG command and there are CSV* macro interfaces that vendor tools can (and many do) use for the same purpose. > The system is IPL'd daily, so I'm not sure if > there is a separate mechanism to activate APF or LNKLST libraries > outside the SYS1.PARMLIB process. You mean outside of NIP processing? Sure there is. The obvious place to look would be in IEACMDxx and/or COMMNDxx. Look for SETPROG commands being issued during the IPL. Browse the log from early initialization onward and you will probably see who/what is doing it. > I'm also unsure of the security > implications regarding such a mis-match. Probably none to be concerned with beyond the simple issue of not having a complete grasp of what is going on during or after IPL. You cannot get a dataset into the APF list, or linklist without being authorized. The fact you're seeing them there means than an authorized task or command did it. For completeness, you may want to track down how and why this is occurring, but it is probably no big deal - unless it turns out that the dataset(s) in question really shouldn't be there :-) CC ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
