So post z/OS 2.3 only programs in system keys (0-7) will be able to access common dataspaces? What happens if you specify FPROT=NO on DSPSERV?
Thanks Robin > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Jousma, David > Sent: 15 May, 2018 19:57 > To: [email protected] > Subject: Re: UserKEY CSA/Dataspace scope=common Remdiation > > One more time.... All *user-key SCOPE=COMMON dataspaces. > > Jim Mulder > > Apr 5 > > Re: [EXTERNAL] Re: UA94606 > VSM ALLOWUSERKEYCSA(NO) > > only prevents obtaining user key CSA. > It does not prevent creating a user key CADS, or using CHANGKEY > to change the key of subpool 247 or 248 (DREF SQA) storage to > user key. > > The health check and the new SMF 30 field report all three of those > types of security issues, and all three will be disallowed in the next > release after z/OS 2.3. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
