Re: JES2 and $VS RACF protection

[R.S.]

Michael Babcock wrote:
What is the process for checking commands entered when using $VS?  I can 
protect the use of $VS using the JES2.$VS profile but there doesn't 
appear to be any granularity for which commands can be entered.

Let's say the following is found in JCL.

/*$VS,ROUTE node1,someCommand
JES2 checks the $VS profile and if allowed with let the command proceed. 
But, does MVS/RACF also check to see if you have authority to 
MVS.ROUTE.CMD?
Yes.

Or is the check bypassed since you had auth to $VS?
No. I remember a case when $VS was allowed, but MVS command "inside" not.

Also, to protect the /*ROUTE XEQ node1 command, I need the WRITER class 
active with a profile of JES2.NJE.node1, correct?
It depends on system and mean of protection.
WRITER can protect sending system (who can send something over NJE). 
However IMHO the most important in this scenario is receiving system. On 
this system protections is through NODES profile. I don't remember exact 
profile, but this one for commands contain RUSER qualifier.

HTH
--
Radoslaw Skorupka
Lodz, Poland


--
BRE Bank SA
ul. Senatorska 18
00-950 Warszawa
www.brebank.pl

Sd Rejonowy dla m. st. Warszawy 
XII Wydzia Gospodarczy Krajowego Rejestru Sdowego, 
nr rejestru przedsibiorców KRS 0000025237
NIP: 526-021-50-88
Wedug stanu na dzie 01.01.2007 r. kapita zakadowy BRE Banku SA (w caoci 
opacony) wynosi 118.064.140 z. W zwizku z realizacj warunkowego 
podwyszenia kapitau zakadowego, na podstawie uchwa XVI WZ z dnia 21.05.2003 
r., kapita zakadowy BRE Banku SA moe ulec podwyszeniu do kwoty 118.760.528 
z. Akcje w podwyszonym kapitale zakadowym bd w caoci opacone.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html