The issue with MUSASS (apparently an ACF2 term but applicable to any security product) is that the task itself has a SAF userid that is used for task-level accesses, but each logged in userid must be presented for user-level accesses. Unless this distinction is preserved meticulously, taskid access can spill over to an individual userid, granting (usually) elevated privilege that was never intended.
. . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-543-6132 Office ⇐=== NEW robin...@sce.com -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Steve Beaver Sent: Thursday, April 06, 2017 12:43 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Do you use CA-ACF2 and CICS or IMS? Be aware your CICS/IMS developers have security admin priviledges and can do whatever they want to the ACF2 database. Multiple Users in a Single Address Space. (MUSASS) In the CICS program there is a HLL interface to ACF2. Very easy to setup and use Steve -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Hunkeler Sent: Thursday, April 6, 2017 2:33 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Do you use CA-ACF2 and CICS or IMS? Be aware your CICS/IMS developers have security admin priviledges and can do whatever they want to the ACF2 database. > Peter - What are you attempting to do? > > Steve Me? Its not my thread, I just followed it with interest. I did not understand the term MUSASS. That's all ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN