On Fri, Oct 27, 2017 at 11:57 AM, Jim Mulder <d10j...@us.ibm.com> wrote:
> The TSO TMP is designed to be attached only by EXEC PGM=IKJEFTxx, > or by the TSO/E Session Manager (when Session Manager is the EXEC PGM= on > the logon proc). > Attaching the TMP by any other program is unsupported. > > Attaching the TMP in an IMS dependent region or a CICS AOR will > violate the System Integrity and thus the security of your system, since > it will allow > the unauthorized transaction programs in those regions to take over the > system > in anyway that they desire. > > Jim Mulder z/OS Diagnosis, Design, Development, Test IBM Corp. > Poughkeepsie NY > > Coming in a bit sideways on this, and from another thread entirely. If I wanted to do z/OS RACF work when I'm logged into a CICS region (though I don't know why), then I think use the zOSMF REST API would be a much better way to go. This could be done using the ZOSMF TSO services REST API to run the RACF commands. ref: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.izua700/izuprog_API_TSOServices.htm This should not affect system integrity because it is simple HTTP over TCPIP, which is native to CICS. -- I have a theory that it's impossible to prove anything, but I can't prove it. Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN