On Tue, 27 Apr 2021 23:00:17 +0300, Itschak Mugzach wrote:
>
>Try it. no special authority is needed to use this service. All other racf
>interfaces, including irrxutil are protected by racf profile and scope.
>
>*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
>Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
>and IBM I **| *
>
If that's true, then any user could use the underlying RACF services,
bypassing OMVS and Rexx. What would IBM say?
Or is the request made via the OMVS address space which may have
special privileges?
>*| **Itschak Mugzach | Director | SecuriTeam Software **|** IronSphere
>Platform* *|* *Information Security Continuous Monitoring for Z/OS, zLinux
>and IBM I
On Tue, 27 Apr 2021 08:29:30 -0500, John McKown wrote:
>
> ..., I think this SYSCALL eventually ends up
>doing either an R_ADMIN or an RACXTRT to do its work. And those have RACF
>profiles to control them (I think).
>
>But having done all that, it is a PITA & I would hate to try to do it for
>all of the SYSCALLs. Oh, during this, I found the IRRXUTIL which is another
>way to do this. And, of course, the RACF CALLABLE services which can be
>used in HLLs to do this. {whew}
-- gil
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
