On Sat, 21 Jun 2025 12:03:45 -0500, Paul Gilmartin <[email protected]> wrote:
>Nowadays the supported interface for invoking an authorized program >is BPX1EXM. Alas, it does not propagate ENQs, so can not propagate >allocations. I'm not familiar with BPX1EXM but it must be more difficult than calling an APF AC(1) module. Maybe some sort of RACF auth for each program? Something has to be protecting this otherwise the auditors would be all over it. I believe the TSO alternative is TSO CALL. Maybe one of the REXX commands (e.g. LINKMVS) provides this functionality. >> >> ... The ability to run APF authorized TSO commands or programs is >> not documented at all. ... >> >Is this "Security by obscurity"? Does the TMP employ a 'magic number" >to run APF authorized TSO commands or programs? Or merely economy >of omitting superfluous material to irrelevant clients. This is a fully secured API. Very few AUTHPGM's are defined. I suspect the documentation is buried where experts most likely will find it. No sense in encouraging it's use by people who don't fully understand it. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
