On Thu, 26 Jul 2018 07:50:04 -0500, Walt Farrell wrote: >On Tue, 24 Jul 2018 15:08:51 +0000, Seymour J Metz wrote: > >>Neither APF authorization nor supervisor state suspend normal SAF processing >>for, e.g., OPEN. If you know of a privileged application >that bypasses >>normal resource controls and does not require SAF authorization before doing >>so, then it's APAR time. > >I believe there is one exception to that, unless the behavior has been changed >in the past few years: as I recall, OPEN for a >VSAM file will bypass security checking if the issuer of OPEN is running in >supervisor state. I think it's documented (briefly) >deep in some manual, but I forget which one.
See the last sentence: https://www.ibm.com/support/knowledgecenter/SSLTBW_2.3.0/com.ibm.zos.v2r3.idad400/ods.htm "Note: RACF protection supersedes password protection for a data set. RACF checking is bypassed for a caller that is in supervisor state or key 0." -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
