On Wed, 26 Sep 2007 13:40:58 -0500, LAMARE Didier <[EMAIL PROTECTED]> wrote: >IT is a good idea, but if a person has copied a CICS PDS under an another >name, we have a problem.
Perhaps, but your problem in that case was that you let them make the copy in the first place. They should have had EXECUTE authority to the library, or no (NONE) authority, to prevent such copying. Once someone has made a copy in a library whose name you do not know, you can not stop them from running that program, at least with RACF, unless you implement system exits to do so. Of course, in some cases (such as the main CICS modules I know of) they must run APF-authorized, and any such copies would not work since a user's copied library would not be APF-authorized. Thus you might not have anything to worry about. -- Walt Farrell, CISSP IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
