In
<!&[EMAIL PROTECTED]>,
on 05/24/2006
at 08:50 AM, Ray Mullins <[EMAIL PROTECTED]> said:
>This sort of makes sense, though, if you think about how the command
>is being processed. DB2 commands are routed via the SSI prefix
>character(s), so my take is that this occurs before MVS command SAF
>(being generic, here) checking. If DB2 did things right (ahem) and
>used MODIFY (like many other data base, TP monitor, and server
>products), then SAF could protect through the command facility (thou
>shalt not perform MODIFY against *MSTR, for example).
That wouldn't help, because as far as MVS is concerned the MODIFY text
is an undifferentiated blob intelligible only to the receiving
program. You *don't* want to have a single profile for all DB2
commands, so the right thing to do is for DB2 to call SAF for each
command and support distinct profiles.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
