On Sun, 17 Feb 2019 18:05:59 +0200, Steff Gladstone <[email protected]> wrote:
>Ok. We have been playing around with program control. If PROG1 (a COBOL >program incidentally) is to be allowed exclusively to update file MY.FILE, >then we: > >1. introduced PROG1 into the list of programs in AUTHPGM in member IKJEFT00 Unless the program is linkedited with AC(1) and needs to run authorized (most COBOL programs don't) I don't see a reason to put it in AUTHPGM. You will likely run into problems in a TSO environment with the environment being marked dirty, as you noted. Your best hope to avoid that is to make sure you've followed the instructions in the RACF Security Administrators Guide about defining the PROGRAM ** profie and all the libraries that you should specify for its ADDMEM operand. Make sure you use the specified UACC value, too. If that doesn't work, then your next approach would be to try TSOEXEC CALL ... to invoke the program. Really, all of this is explained in the Security Administrators Guide in the sections on Program Control and Program Access to Data (PADS), along with some examples and recommendations. As getting this working under TSO is very difficult, my best recommendation is to read those sections and follow the instructions exactly. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
