Jim-
Thanks for the clarification.

Robin

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Jim Mulder
Sent: 16 May 2018 22:41
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: UserKEY CSA/Dataspace scope=common Remdiation

 Post z/OS 2.3, only programs in system keys (0-7) will be able
to store into common dataspaces (and CSA).  Non-fetch protected system 
key SCOPE=COMMON data spaces (and non-fetch protected system 
key CSA) continue to be supported.

Jim Mulder z/OS Diagnosis, Design, Development, Test  IBM Corp. 
Poughkeepsie NY


IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> wrote on 
05/16/2018 07:56:02 AM:

> From: Robin Atwood <abend...@gmail.com>
> To: IBM-MAIN@LISTSERV.UA.EDU
> Date: 05/16/2018 11:28 AM
> Subject: Re: UserKEY CSA/Dataspace scope=common Remdiation
> Sent by: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU>
> 
> So post z/OS 2.3 only programs in system keys (0-7) will be able to 
access
> common dataspaces? What happens if you specify FPROT=NO on DSPSERV?
> 
> Thanks
> Robin
> 
> > -----Original Message-----
> > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] 
On
> > Behalf Of Jousma, David
> > Sent: 15 May, 2018 19:57
> > To: IBM-MAIN@LISTSERV.UA.EDU
> > Subject: Re: UserKEY CSA/Dataspace scope=common Remdiation
> > 
> > One more time....  All *user-key SCOPE=COMMON dataspaces.
> > 
> > Jim Mulder
> > 
> > Apr 5
> > 
> > Re: [EXTERNAL] Re: UA94606
> >  VSM ALLOWUSERKEYCSA(NO)
> > 
> >     only prevents obtaining user key CSA.
> > It does not prevent creating a user key CADS, or using CHANGKEY
> > to change the key of subpool 247 or 248  (DREF SQA) storage to
> > user key.
> > 
> >   The health check and the new SMF 30 field  report all three of those
> > types of security issues, and all three will be disallowed in the next
> > release after z/OS 2.3.



----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to