Shmuel Metz (Seymour J.) wrote:
In <listserv%[email protected]>, on 01/26/2009
at 05:16 PM, Andy Wood <[email protected]> said:
Without a better understanding of what you are trying to do
As I wrote in my original message, I'm trying to get hard coded tests of
specific substrings of the job name, used to determine authorization to
use specific JOB, EXEC and DD parameters, out of IEFUJV and into the
security data base. I'll be lucky if I'm allowed to change the mechanism;
changing the policy isn't going to happen, at least not any time soon. I
wish it were otherwise.
Shmuel
I think you should forget about trying to use the UID, I think you will really struggle to achieve
what you want by this method, (espcially as you dont have any spare 8 byte fields available!)
However..
How about just using normal resource rules but with a SOURCE() value of the jobname, and a generic
UID... then in your IEFUJV you just call ACF2 and specify the resource name (format is entirley up
to you) and set the SOURCE to 'jobname'. Then, if the ACF2 resource rules are coded with UID(*)
and SOURCE(jobname) you can validate against them based on jobname
As an example..
create a new Resource key, say UJV,
and then create resources like so
$KEY(EXEC.IEFBR14) TYPE(UJV)
UID(*) SOURCE(JOBP1) ALLOW
$KEY(EXEC.IEDCAMS) TYPE(UJV)
UID(*) SOURCE(JOBP1) ALLOW
$KEY(DD.SYSUT1) TYPE(UJV)
UID(*) SOURCE(JOBP*) ALLOW
(these might not be syntactically correct.. its been a while since I've done
much ACF2!!)
Cheers
Roy
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
