Peter,
Thank you for the explanation.
However I think the same "problem" exists with ID(*) and LNKLST.
Regarding undefined users - BATCHALLRACF should be enough. And AFAIR
NODES class could be set up to reject such jobs.
However it is still minor issue, IMHO - the job would use some
resources, that's all. I would not expect DDOS-like attack. NJE is not
Internet with thousands of anonymous attackers.
Regards
--
Radoslaw Skorupka
Lodz, Poland
W dniu 25.06.2024 o 15:46, Peter Vander Woude pisze:
R.S.
One of the reasons to use ACCESS(READ) ID(*) and not UACC(READ) would be that
the first forces the user accessing the programs to actually be a racf userid.
I believe, that if you have a job, come across via NJE, it is possible that the
submitting system did not provide a userid, and would then get assigned the JES
UNDEFINEDUSER userid (which should not be an actual racf userid).
That right there would deny the job from accessing datasets with UACC(NONE)
and ACCESS(READ) ID(*). whereas UACC(READ) would allow that job (if it were
allowed to execute of course), to access that dataset.
Peter
On Mon, 24 Jun 2024 12:48:42 +0200, Radoslaw Skorupka<[email protected]>
wrote:
This is the way (one of few) to do this.
In other words HOW to do this.
However it doesn't answer WHY to do this.
I still don't know any *reasonable* justification for UACC(NONE) for
linklisted libraries.
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
