--------------------------------------------<snip>----------------------------------------
Rick,
Can you list the tool which need to be controlled at PROGRAM level?
I'm curious.
------------------------------------------<unsnip>------------------------------------
I was unaware that AMASPZAP called the SAF. I was thinking more of
thinkgs like IEHPROGM.
I was once called upon to provide AMASPZAP to applications and database
staffs. Since I had a source, I removed everything related to VTOC
zapping and placed the modified version in a UN-authorized library.
Everybody, including auditors, was happy with that solution.
--------------------------------------<snip>--------------------------------
Regarding AMASPZAP and Ed's mail:
The problem is not related to AMASPZAP. Completely! You mentioned that
sysprog *copied* it to another APF library (or even the same, under
new member name) - in this case PRGRAM protection no longer works! The
security breach is an update to APF library, not lack of PROGRAM
protection. AMASPZAP is powerful tool but all the functions are under
SAF control.
----------------------------------------<unsnip>---------------------------------
Correct. Update access to APF libraries MUST be controlled and limited
to trusted staff, with full auditing and review.
--
Rick
--
Remember that if you’re not the lead dog, the view never changes.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
