On Wed, 9 Apr 2014 11:06:22 -0500, Elardus Engelbrecht wrote: >Tom Marchant wrote: > >>>... most installations (including us) use program protection to restrict >>>users of these utilities. > >>Protecting AMASPZAP and ADRDSSU is, in my opinion, not a good way to protect >>data from them. > >Agreed. Protect the resource (data), not the method (program). >... >Of course, protect your datasets + catalogs. > I generally agree. However, any APF-authorized program has a risk of bugs. Consider the horrible thing that was done to SMP/E a few years ago because of a newly recognized security flaw.
Is there any way to limit authorized invocation of a utility to selected users and allow all others to invoke it unauthorized? Of course a copy could be installed in a non-authorized library. (Several years ago, I discovered that SMP/E worked pretty well unauthorized as long as I avoided functions that invoke IEBCOPY (I know), ahd used NOWAIT on all my DDDEFs. Don't know about AMASPZAP; skeptical about ADRDSSU. But I disagree strongly with those who will probably argue here that only storage administrators have justifiable use for ADRDSSU. Elitism.) -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
