Fine as long as you ensure that the PROTECTED userid is properly defined with the NOPASSWORD attribute. Without that attribute adding the TSO segment would allow logon to TSO using a default password (which is something like the group name). Prior to having the TSO segment any logon attempt would be rejected by TSO unless it was in UADS, so that is your only potential exposure.
On Thu, Apr 29, 2021 at 12:26 AM kekronbekron < [email protected]> wrote: > Hi All, > > Will xpost to RACF-L too... > Will it be ok to create a TSO segment (without a logon PROC) for a batch > ID that's PROTECTED? > That is, creating a TSO segment won't fudge with the PROTECTED status, in > any way, right? By forcing it to a password or some such. > > There's some functionality within a job step that's demanding that the > batch ID have a TSO segment and have access to OPER profile in TSOAUTH > class. > > - KB > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
