Tim Hare of the IBM Mainframe Discussion List <[email protected]> wrote on 04/04/2007 02:48:09 PM:
> RACF does not protect individual members - and I don't see how Top Secret > does either. SAF is called from OPEN, which is a dataset-level, not > member-level function. Top Secret could of course intercept BLDL and STOW > to provide some sort of member security - but I think those intercepts > would have a performance penalty given all of the PDS searches in an MVS > shop, and of course there are always programs which don't bother with BLDL > to worry about. > > I am not a RACF "expert" (I'll leave that to Walt and Russ and others) but > reasoning tells me member protection can't be 100% - too many ways around > it. I went to an ACF2 presentation in the late 1990's about member level protection, and IIRC, ACF2 checks the CCHHR address somewhere in the EXCP process. Regards, John Kalinich Computer Sciences Corp ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
