"And that's working as designed" is the reply I got from CA... and they don't see it as a security exposure...
Well, I do see it as a HUGE security exposure, and I would like to know what my fellow IBM-MAIN'ers think.

ACF2 has an SVC call facility called "Supercall Facility", which any program executing under a CICS region or IMS region can use. If they do, they have unrestricted read/write access to the ACF2 database.

I just can't get my head around CA thinking that's ok just because it has "always been that way (TM)".

Am I being overdramatic? Do you think it's OK for CICS/IMS developers to have security admin privileges?

Thanks for any feedback,
Leo