For CA-ACF2 there is a HLI interface. Not Much to set up. As for changing authority levels. Can't be don
-----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Leonardo Vaz Sent: Wednesday, April 5, 2017 10:39 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Do you use CA-ACF2 and CICS or IMS? Be aware your CICS/IMS developers have security admin priviledges and can do whatever they want to the ACF2 database. "And that's working as designed" is the reply I got from CA... and they don't see it as a security exposure... Well, I do see it as a HUGE security exposure, and I would like to know what my fellow IBM-MAIN'ers think. ACF2 has an SVC call facility called "Supercall Facility", which any program executing under a CICS region or IMS region can use. If they do, they have unrestricted read/write access to the ACF2 database. I just can't get my head around CA thinking that's ok just because it has "always been that way (TM)". Am I being overdramatic? Do you think it's OK for CICS/IMS developers to have security admin privileges? Thanks for any feedback, Leo ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
