On Wed, Jul 24, 2013 at 10:09 AM, Lizette Koehler <[email protected]> wrote: > I might slightly disagree with removing the SAF and APF requirements. > > From a sysprog perspective, I can allow my applications groups access to LIST > functions but NOT REC/APP/ACC. This is beneficial. I do not mind if they > want to look, I just do not want them to touch. In fact I would encourage > them or anyone to be able to research fixes. > > I do not want them to be able to rec/app/acc fixes on my zones. > > If a shop wants to make it open, then just make UACC on the facilities open. > > And as for APF. It is another protection in the system. Since an APF > authorized library can control to some extent the ability to modify some > storage areas, I think this is also fine. Some of the functions in SMP/E > could be dangerous if allowed to run amuck. Now if Kurt Q. would chime in, > it would be helpful. But from my perspective, I am happy with how things > have become. I was not a supporter of the new facility classes, but now I am. > > Lizette > The files should have appropriate RACF authority defined on the files. I. E. z/OS files only updated by system programmers but readable by application programs. Application programmer files only updated by Applications programmers who work on that Application, etc.
A function that could impact the running system memory should need facility authorization. -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
