Check out CBT file 165 (www.cbttape.org). Craig Yasuna wrote a functional ESM that shows you how to handle the SAF calls and returns.
Regards, Michael Joseph Sr. Systems Engineer Blue Hill Data Services | Fully Managed Data Center Hosting Solutions -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Charles Mills Sent: Wednesday, May 4, 2022 1:21 PM To: [email protected] Subject: Re: SAF without an ESM EXTERNAL EMAIL: Do not reply, click links, or open attachments until you verify the SMTP address (sender @domain.com) next to the display name is a trusted address. My impression is that it does whatever you want it to do! That is, it either permits everything, or you get to write your own rules; write your own ESM, essentially. You need to write the part that SAF calls, and of course you also need to come up with some sort of administration, some way to configure what you have written. Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of zMan Sent: Wednesday, May 4, 2022 9:51 AM To: [email protected] Subject: SAF without an ESM On https://www.ibm.com/docs/en/zos-basic-skills?topic=zos-what-is-saf , IBM says: > System authorization facility or SAF is an interface defined by MVS™ > that enables programs to use system authorization services to control > access to resources, such as data sets and MVS commands. SAF either > processes security authorization requests directly or works with > RACF®, or other security product, to process them. Someone on r/mainframe asks what SAF does without an ESM. I'm thinking "not much", but the last sentence above sort of suggests otherwise--unless "SAF either processes security authorization requests directly" means "returns RC=0 in all cases", in which case it would be accurate but IMHO overly vague. Thoughts? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
