I would never suggest directly turning on JSCBAUTH. If you must switch authorization state, relegate the code to a subtask, use RSAPF=YES and follow all of the documented restrictions.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Binyamin Dissen <[email protected]> Sent: Tuesday, November 19, 2024 1:13 AM To: [email protected] Subject: Re: Program Authorization: Unauthorized programs calling Authorized External Message: Use Caution On Mon, 18 Nov 2024 16:12:02 -0600 Steve Beaver <[email protected]> wrote: :>Seymour I didn't disagree however teaching anyone how to turn on the JSCBAUTH bit is stupid If someone has authority to update APF libraries, telling him about the fully documented JSCBAUTH bit is a nothing burger. You need KEY0 to do it, and if you have KEY0 you can pretty much do what you want. Of course setting it, like setting DEBAPFIN or using TPROT to verify the key of storage and then using KEY0 to update it, it is a bad idea - there are better ways to use granularity to provide the business need without kicking over the barn. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com/ Director, Dissen Software, Bar & Grill - Israel ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
