Walt Farrell wrote:
On 9/18/2006 7:51 PM, [EMAIL PROTECTED] wrote:
I am coming to suspect that the reason RETRY fails when I
invoke SMP/E from an EXEC under IKJEFT01 is that GIMSMP
is absent from AUTHPGM NAMES in SYS1.PARMLIB(IKJTSOnn).
I've put in a request to add it.
But, now I'm curious. Is there any good rationale that
any program with AC=1 in an authorized library shouldn't
run with APF authorization when CALLed from TSO.
We do not know of any integrity problems that would arise if you put
AC(1) IBM-supplied programs into the AUTHPGM list. (Note: The AUTHTSF
list is a different topic.) Generally it is more a question, I think,
of whether the program is doing something that you would want run under
TSO, given the dispatching priority of TSO users, and some environmental
characteristics (how long the user will be waiting while it runs, for
example) that determines whether you allow the programs to run under
TSO/E or not.
I think the problem would be relieved (without re-design) by supplying
complete list of AUTHPGM'd programs from IBM. Or claim that any IBM
AC(1) program can be safely put on AUTHPGM list. Otherwise it is hard to
answer auditors' questions "why .... is on the list".
Since it's not clearly documented (is it ?) , it can cause doubts and
questions.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
