On Fri, Oct 21, 2016 at 1:59 PM, Itschak Mugzach <[email protected]> wrote:
> If the called program having AC(1) fetched from an APF authorized dataset, > it will be executed with no problem as the environment itself is considered > (pure) authorized. > > ITschak > > ITschak Mugzach > Z/OS, ISV Products and Application Security & Risk Assessments Professional > > > Hum, sounds a bit "different". Normally, if a program is running as APF authorized, any attempt to run a non-APF program, say via LINK or ATTACH, will get a S306-0C abend. So, can I do a ADDRESS LINK SOMEPROG if SOMEPROG is in the LINKLIST, I have LNKAUTH=APFTAB, the DSN on the LINKLIST is _not_ APF authorized. In a normal batch program, this will get the aforementioned abend. Now, I'm wondering what happens in a System REXX environment. Not that I plan to actually use ADDRESS LINK for anything. I tend to prefer to run my SysREXX program in a non-TSO server and do "funny" stuff by starting an STC or via BPXWUNIX(). -- Heisenberg may have been here. Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
