On Thu, 26 Jul 2018 09:54:48 -0500, Tom Marchant <[email protected]> 
wrote:

>On Thu, 26 Jul 2018 07:50:04 -0500, Walt Farrell wrote:
>
>>On Tue, 24 Jul 2018 15:08:51 +0000, Seymour J Metz wrote:
>>
>>>Neither APF authorization nor supervisor state suspend normal SAF processing 
>>>for, e.g., OPEN. If you know of a privileged application that bypasses 
>>>normal resource controls and does not require SAF authorization before doing 
>>>so, then it's APAR time.
>>
>>I believe there is one exception to that, unless the behavior has been 
>>changed in the past few years: as I recall, OPEN for a VSAM file will 
>>bypass security checking if the issuer of OPEN is running in supervisor 
>>state. I think it's documented (briefly) deep in some manual, but I 
>>forget which one.
>
>See the last sentence:
>https://www.ibm.com/support/knowledgecenter/SSLTBW_2.3.0/com.ibm.zos.v2r3.idad400/ods.htm
>
>"Note: RACF protection supersedes password protection for a data set. RACF 
>checking is bypassed for a caller that is in supervisor state or key 0."
>

Thanks, Tom. And, note, for those who may not follow the link, that that 
statement is for VSAM only.

-- 
Walt

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
