On Mon, 22 Aug 2022 15:45:53 -0500, Walt Farrell wrote:

>On Mon, 22 Aug 2022 09:47:44 -0500, Paul Gilmartin wrote:
>
>>Why is such specific authorization required?  Is there some
>>associated hazard or cost?
>
>If you're asking why she needs to run IDCAMS APF-authorized, it's because 
>IDCAMS is normally run APF-authorized, and although some IDCAMS functions will 
>work if the program is not running authorized, others (e.g., DCOLLECT) won't 
>work without APF-authorization.
> 
Understood,

>If you're asking something else, please clarify.
>
Why is there an AUTHPGM NAMES list at all?  Why shouldn't it just be
    * (everything)
???

I can imagine several reasons:  Even some authorized programs might not
be trusted not to modify the WAITing TSO task (IKJEFTT09?), perhaps by
ALLOCATE REUS of a file TSO uses.  Or by modifying TSO storage.  Or
by monopolizing a scarce resource (such as a tape drive) during programmers' 
think time.  BTDT; alas no distinction is made between real tapes and virtual
tapes which are more likely to be plentiful.

Is the motive one of these, or something similar?

This feels like something that should be programmer-specific, such as a RACF
profile allowing Lizette but not me the facility.

-- 
Thanks,
gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
