There is a difference between teaching someone how to do it and doing it. Teaching should include instructing on the circumstances where it is appropriate and the required precautions.
I agree that it is rarely appropriate, but there is IBM code that does so, with good reason. That code uses a documented interface, and any vendor code changing authorization status should use that interface and abide by its restrictions. I agree that user code should never directly turn JSCBAUTH on. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 עַם יִשְׂרָאֵל חַי נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Peter Relson <[email protected]> Sent: Tuesday, November 19, 2024 7:46 AM To: [email protected] Subject: Re: Program Authorization: Unauthorized programs calling Authorized External Message: Use Caution <snip> There's nothing wrong with teaching someone how to turn on JSCBAUTH from code that is already supervisor mode or key 0-7. <snip> Actually there is something wrong with doing so. In almost all cases where you'd consider doing so, turning on JSCBAUTH when it has been off introduces a system integrity problem. It really needs to be set at the beginning of the step (as the ATTACH of the job step program accomplishes). It can be turned off. It should, in general, not be turned back on. Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
