There is no "VSAM address space" to perform the check. I don’t have any knowledge of why VSAM open bypasses security calls for a KEY 0 or SUP STATE user, but as I recall, it has been this way for decades.
Wayne Driscoll Rocket Software Note - All opinions are strictly my own. -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Paul Gilmartin Sent: Thursday, July 26, 2018 8:56 PM To: [email protected] Subject: Re: A curiosity Question On Thu, 26 Jul 2018 22:13:01 -0300, Clark Morris wrote: >[Default] On 26 Jul 2018 16:54:23 -0700, (Walt Farrell) wrote: > >>On Thu, 26 Jul 2018 09:54:48 -0500, Tom Marchant wrote: >> >>>> >>>>I believe there is one exception to that, unless the behavior has >>>>been changed in the past few years: as I recall, OPEN for a VSAM >>>>file will bypass security checking if the issuer of OPEN is running in >>>>supervisor state. I think it's documented (briefly) deep in some manual, >>>>but I forget which one. >>> >>>See the last sentence: >>>https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. >>>ibm.com%2Fsupport%2Fknowledgecenter%2FSSLTBW_2.3.0%2Fcom.ibm.zos.v2r3 >>>.idad400%2Fods.htm&data=02%7C01%7Cwdriscoll%40ROCKETSOFTWARE.COM% >>>7C48d6ded2a0c5415d4ab708d5f36420f3%7C79544c1eed224879a082b67a9a672aae >>>%7C0%7C0%7C636682533747748885&sdata=GbQa7LvBwne0JnI12MQuvvbVMmbve >>>pfNE7wuIzDaAvw%3D&reserved=0 >>> >>>"Note: RACF protection supersedes password protection for a data set. RACF >>>checking is bypassed for a caller that is in supervisor state or key 0." >>> >> >>Thanks, Tom. And, note, for those who may not follow the link, that that >>statement is for VSAM only. > >Why would they exclude only VSAM from checking? Is it because of Page >Datasets or some other reason? Are there other ways of bypassing or >ignoring checking for supervisor and key zero code? > My conjecture is that the VSAM address space itself performs the needed check. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ================================ Rocket Software, Inc. and subsidiaries ■ 77 Fourth Avenue, Waltham MA 02451 ■ Main Office Toll Free Number: +1 855.577.4323 Contact Customer Support: https://my.rocketsoftware.com/RocketCommunity/RCEmailSupport Unsubscribe from Marketing Messages/Manage Your Subscription Preferences - http://www.rocketsoftware.com/manage-your-email-preferences Privacy Policy - http://www.rocketsoftware.com/company/legal/privacy-policy ================================ This communication and any attachments may contain confidential information of Rocket Software, Inc. All unauthorized use, disclosure or distribution is prohibited. If you are not the intended recipient, please notify Rocket Software immediately and destroy all copies of this communication. Thank you. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
