>> >>>One could argue that letting you determine your access to resources >>>without actually trying to use them (and thus without causing audit >>>records) is a form of hacking. >> >>Perhaps, but some IBM code does exactly that, and for what seems to be >>good cause. I don't recall the details, but it was discussed here in the >>last few years. >> > >You may be thinking of ISPF 3.4 and data set name hiding or may be >thinking of ISPF 3.4 checking for ALTER access to the catalog. >
Following extracted from the CICS/TS RACF Security Guide: "2.7.6.2 Checking which transactions to offer a user You can use the QUERY SECURITY command to check whether a user is authorized to use a particular transaction before displaying the transaction code as part of an introductory menu. When you use the command for this purpose, you will probably want to avoid logging the checks for users who are not allowed to use certain transactions. To do this, use the NOLOG option." ...and the QUERY SECURITY command invokes a RACROUTE to perform this function. So CICS is documenting use of preemptive RACROUTE requests as reasonable design in presenting usable options on a user's menu. Randy Evans, Viaserv, Inc. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
