On Thu, 30 Aug 2007 14:22:05 -0500, Tony Harminc <[EMAIL PROTECTED]> wrote:
>TSO's sending of a WTO message with route code 11 to the TSO terminal is >controlled by the WTPMSG option of the PROFILE command. Usually you want to >see the WTPs, but this might be a case where you want to suppress them. > >As you say, the security product might be going out of its way to issue a >TPUT directly, but it seems an unlikely way of doing things. > Perhaps you consider it unlikely, but that's exactly what RACF does in some cases (such as this one). When we have a message we definitely want a TSO user to see, such as the messages we issue during logon, we use TPUT because: (a) we can't count on the user having specified WTPMSG and (b) it's not clear that TSO/E has setup the WTPMSG processing that early. With the move of the VERIFYX processing for job submission into the TSO user's address space (as JES now does) that could easily lead to the security product using TPUT for those messages, too. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
