Arthur is correct. Back at my JCP days, that is one reason they broke the "SYSPROG" job into 3 different jobs. You had the assembler programers who wrote the exits and any assembler user-mods or in-house applications; the SMP jockeys that applied IBM maintenance and also tested the assembler exits from the programmers and put together the production libraries, and finally the Operations sysprogs that actually moved the libraries given them by the SMP jockeys into production. No one person was authorized to do it all; and technically there were checks at each step to make sure that nothing "special" was moved forward.
Of course, it would still have been possible for the assembler programmer to move an exit into production that granted him special authority; but since that programmer didn't even have a good usable ID on the other systems it would not have done him a lot of good. It would require at least 2 people to do something "outside" the norm. Russell On 09/09/13, Arthur T.<[email protected]> wrote: On 9 Sep 2013 17:21:22 -0700, in bit.listserv.ibm-main (Message-ID:<[email protected]>) [email protected] (Clark Morris) wrote: >On 9 Sep 2013 07:41:42 -0700, in bit.listserv.ibm-main you >wrote: > >>I once enquired into the question <snip> >>Sysprogs, even disgruntled ones, have not usually been >>problematic in >>mainframe shops; and it is well that this is the >>case. Anyone who >>makes much use of locks needs locksmiths too. > >This brings up the very interesting question of whether a >senior >mainframe systems programmer would be able to take as much >information >from his/her installation as Edward Snowden seemingly has >from the >NSA. If so, is it in the nature of the job or was someone >lax within >the NSA organization? If you have write access to an APF library, you can read from and write to any dataset. If people were suspicious of you, your accesses could be found out after the fact. If you're very good or very sneaky, even post-access auditing won't find out what you've done. No, I won't explain how. I'll leave it as an exercise for the student, who will likely get caught, fired, and maybe indicted. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
