The TSO TMP is designed to be attached only by EXEC PGM=IKJEFTxx, or by the TSO/E Session Manager (when Session Manager is the EXEC PGM= on the logon proc). Attaching the TMP by any other program is unsupported.
Attaching the TMP in an IMS dependent region or a CICS AOR will violate the System Integrity and thus the security of your system, since it will allow the unauthorized transaction programs in those regions to take over the system in anyway that they desire. Jim Mulder z/OS Diagnosis, Design, Development, Test IBM Corp. Poughkeepsie NY IBM Mainframe Discussion List <[email protected]> wrote on 10/27/2017 03:39:00 AM: > From: "Baguley, Nicholas: Absa" <[email protected]> > To: [email protected] > Date: 10/27/2017 12:41 PM > Subject: Re: Batch TSO command (ADDUSER) tracing and diagnostics > Sent by: IBM Mainframe Discussion List <[email protected]> > > Hi List > > Wow - thanks for input List > Lots of ideas , suggestions and questions. > > When you use PARM and not SYSTSIN it doesn?t seem to ECHO input/ > command. I tried it before posting so as not to incur wrath of LIST > Walt - correct.. the userid of the mother task is not authorised to > ADDUSER. The ATTACH is done in supervisor state. Don?t try this at > home type stuff > Tony - attach worked fine as you stated. See code snippet below. > > LIST - I assume if I "front-end" this process it would have to keep > the authorised chain alive? Taking Walts suggestion (but via asm pgm > and nor rexx) and extending it to creating a IKJEFT1X ac(1)? > > At risk of being off topic - It raises the question of opening up > functionality via transactional processing(CICS/IMS) to allow RACF > users to be added. > Business wants it but by the time you have solved all the auth and > audit stuff you have a monster. (getting from problem state running > in an IMS dep region or CICS AOR to supervisor attaching an auth > subtask etc etc and getting v messy) > > > ATTACH PARAM=(TASKPRM),ECB=TASKECB, > MF=(E,TASKPMA),SF=(E,TASKATT) > ST R1,TASKTCB > LR R3,R15 SAVE I > > BAL R8,AUTHRES RESET > > LTR R3,R3 IKJEFT > BNZ ATTFAIL NO - D > WAIT ECB=TASKECB > DETACH TASKTCB > L R3,TASKECB ISOLAT > N R3,=X'3FFFFFFF' > LTR R3,R3 TASK R > BNZ CMDFAIL NO - D > > Thanks again List ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
