On Fri, Oct 27, 2017 at 1:45 PM, Tony Harminc <t...@harminc.net> wrote:
> On 27 October 2017 at 13:06, John McKown <john.archie.mck...@gmail.com> > wrote: > > > > > Coming in a bit sideways on this, and from another thread entirely. If I > > wanted to do z/OS RACF work when I'm logged into a CICS region (though I > > don't know why), then I think use the zOSMF REST API would be a much > better > > way to go. This could be done using the ZOSMF TSO services REST API to > run > > the RACF commands. > > ref: > > https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1. > > 0/com.ibm.zos.v2r1.izua700/izuprog_API_TSOServices.htm > > > > This should not affect system integrity because it is simple HTTP over > > TCPIP, which is native to CICS. > > > > How would the caller authenticate to RACF to do this? > Well, the REST API can use HTTP basic authentication. So the CICS transaction would need to ask the user for the proper userid/password and send that on to ZOSMF. And the signed on user would need proper RACF authority to run the CICS transaction. -- I have a theory that it's impossible to prove anything, but I can't prove it. Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN