On 4/18/2007 8:37 AM, Mark Zelden wrote:
Too bad WHEN(SYSID(nnnn)) is only valid for the program class. Wonder why.
The usual reasons, basically.
At the time we developed WHEN(SYSID...) we had an urgent requirement for
it for the PROGRAM class. Implementing the more general solution would
have cost us more in resources (people) than we had available just then,
given the other items we needed to do, so we implemented only the more
limited solution.
Feel free to submit a requirement.
In the meantime, using separate proclibs for the different systems is
probably the simplest solution, though I sometimes suggest a different
method that requires a small bit of programming but simplifies
maintenance of the logon procs by keeping just one copy of them:
(a) write an APF-authorized, non-LPA program.
(b) that program will simply XCTL to IKJEFT01, passing the original
registers.
Then change the logon procs to run that new program rather than
IKJEFT01, and use PROGRAM control for the new program, with WHEN(SYSID...).
If you have the case of some procs that should be usable on any system,
you can leave them directly executing IKJEFT01.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
