Steve,
That’s what I am seeing, and IBM just confirmed it. I guess all we can do is
give the contractor a slap on the hands, and move on.
IBM comments:
Basically, authorization checking is done against the AIX being defined (ALTER
access to the AIX cluster name as shown in the table above) not the VSAM
dataset the AIX relates to. Checking against the related VSAM cluster will be
done when accessed by BLDINDEX.
So, this is working as intended and documented. If you wish, you could open an
'enhancement request' to have this behavior changed.
_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President
[email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H
p 616.653.8429
f 616.653.2717
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf
Of Steve
Sent: Tuesday, September 13, 2016 9:33 AM
To: [email protected]
Subject: Re: IDCAMs DEF AIX authorization
AS I remember, DEF AIX and PATH only operate in the CAT. The BLX would to the
extract to the AIX
-----Original Message-----
From: "Jousma, David" <[email protected]>
Sent: Tuesday, September 13, 2016 9:19am
To: [email protected]
Subject: IDCAMs DEF AIX authorization
All,
I've got a PMR open with IBM asking the question, but thought I'd also pass
this by the brain trust on this list. We recently had an off-shore contractor
do a DEFINE AIX for a TEST dataset name, but RELATEd it to a PROD dataset name.
The process was allowed surprisingly. Contractor only had read access to
prod dataset. The subsequent BLDINDEX did fail with security violation as
expected. Nightly processing of that prod file failed however due to the
empty AIX. Seems like DEF AIX should have been disallowed if the user didn't
have the appropriate access for what it was related too?
Dave
_________________________________________________________________
Dave Jousma
Manager Mainframe Engineering, Assistant Vice President [email protected]
1830 East Paris, Grand Rapids, MI 49546 MD RSCB2H p 616.653.8429 f 616.653.2717
This e-mail transmission contains information that is confidential and may be
privileged.
It is intended only for the addressee(s) named above. If you receive this
e-mail in error, please do not read, copy or disseminate it in any manner. If
you are not the intended recipient, any disclosure, copying, distribution or
use of the contents of this information is prohibited. Please reply to the
message immediately by informing the sender that the message was misdirected.
After replying, please erase it from your computer system. Your assistance in
correcting this error is appreciated.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
[email protected] with the message: INFO IBM-MAIN
This e-mail transmission contains information that is confidential and may be
privileged. It is intended only for the addressee(s) named above. If you
receive this e-mail in error, please do not read, copy or disseminate it in any
manner. If you are not the intended recipient, any disclosure, copying,
distribution or use of the contents of this information is prohibited. Please
reply to the message immediately by informing the sender that the message was
misdirected. After replying, please erase it from your computer system. Your
assistance in correcting this error is appreciated.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
