>There should be no risks at all to allowing application developers to >use IPCS.
This is surely true. Applications may take SYSMDUMPs for example. If you want people to be able to debug their applications, they will need to be able to use dump reading tools to read their dumps. And many things in SYSMDUMPs are captured that are not captured in SYSABEND or SYSUDUMPs (think storage above 2G). As others have posted, what is also true is that it may be very important to protect the data. It is usually not appropriate to give everyone read access to system dumps. But if you have read access to the dump, then using IPCS is not exposing anything that you could not (with some difficulty, admittedly, but doable) determine yourself. And as Ed Jaffe mentioned, with the "ACTIVE" option, in the absence of security profiles that permit otherwise, the user cannot see anything that an unauthorized program in their address space could see. Peter Relson z/OS Core Technology Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
