On 7/24/2006 4:27 PM, Craddock, Chris wrote:
However, program D00YAAI exists, lives in a library that is both
APF-authorized and concatenated in the //ISPLLIB concatenation, and
has AC=1. I can browse the load module, so I know it's there.
Editorial comment, "it should not be AC=1". It just needs to be in an
authorized library. The presence of ANY unauthorized library in a given
concatenation renders that entire concatenation unauthorized. I would
look there first.
It would need AC(1) in order for IKJEFTSR to invoke it APF-authorized.
Or do you base your editorial comment on knowing what D00YAAI does, and
thus some knowledge that it should not, in fact, run authorized when
invoked directly?
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
