On Thu, 22 Jan 2009 07:10:10 -0500, Shmuel Metz (Seymour J.) <shmuel+ibm-m...@patriot.net> wrote:
>ACF2[1] authorization is done by pattern matching of rules against an >installation-defined construct called the UID string. The fields in the >UID string come from the ACF2 logon id (LID) record. > >I'm dealing with an old IEFUJV that does a lot of cross checking of >different substrings of the job name and validation of EXEC and DD >statements based on the results. I'd like to move the volatile part of >that out of IEFUJV and into ACF2. > >So my question is whether including the job name in the UID string is >reasonable, and, if so, what the best approach to populating it is. > I think the answer is no, but I'm not sure I understand what you are trying to do. The UID string is not dynamic (well there is some form of dynamic UID IIRC using GROUP logon field). The characters that make up the UID prefix the logonid/userid (which is part of the UID) and good rules shouldn't be written to be specific to the userid portion of the UID. So are you proposing that your UID string look something like this (of course this is a made up example): Field Len ----------- ---- ------ DIVISION 2 static DEPARTMENT 3 static FUNCTION 3 static JOBNAME 1-8 dynamic LOGONID 1-7 static -- Mark Zelden Sr. Software and Systems Architect - z/OS Team Lead Zurich North America / Farmers Insurance Group - ZFUS G-ITO mailto:mark.zel...@zurichna.com z/OS Systems Programming expert at http://expertanswercenter.techtarget.com/ Mark's MVS Utilities: http://home.flash.net/~mzelden/mvsutil.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
