On Thu, 26 Jul 2018 22:13:01 -0300, Clark Morris wrote: >[Default] On 26 Jul 2018 16:54:23 -0700, (Walt Farrell) wrote: > >>On Thu, 26 Jul 2018 09:54:48 -0500, Tom Marchant wrote: >> >>>> >>>>I believe there is one exception to that, unless the behavior has been >>>>changed in the past few years: as I recall, OPEN for a >>>>VSAM file will bypass security checking if the issuer of OPEN is running in >>>>supervisor state. I think it's documented (briefly) >>>>deep in some manual, but I forget which one. >>> >>>See the last sentence: >>>https://www.ibm.com/support/knowledgecenter/SSLTBW_2.3.0/com.ibm.zos.v2r3.idad400/ods.htm >>> >>>"Note: RACF protection supersedes password protection for a data set. RACF >>>checking is bypassed for a caller that is in supervisor state or key 0." >>> >> >>Thanks, Tom. And, note, for those who may not follow the link, that that >>statement is for VSAM only. > >Why would they exclude only VSAM from checking? Is it because of Page >Datasets or some other reason? Are there other ways of bypassing or >ignoring checking for supervisor and key zero code? > My conjecture is that the VSAM address space itself performs the needed check.
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
