> One argument management offers in mitigation is that most of these CICS users don't have TSO, so they haven't the ability to submit batch jobs.
Jobs can easily be submitted from CICS or IMS through your job scheduler (I think IBM OPC or CA7). I can't remember the specifics for requesting a job and passing parms, but it used to be well documented. I suggest you include the requesting user so that it can be validated if necessary or used for tracking purposes. If you don't have a job scheduler, then use your automation product. Worst case, the program can simply issue a message if you don't have the CICS automation component.

If the job is not submitted with the requesting user's credentials, then you should greatly restrict the job's functionality. Your security admin does not expect a built-in user spoofing tool (outside of surrogate). Even surrogate can be a security exposure, but sometimes necessary. NEVER allow CICS users to submit JCL as the CICS user. With access to everything CICS, the job could destroy something vital, gain access to restricted information (e.g. SSNs) or possibly gain access to restricted CICS commands. Users must always be limited to user data.

Jon.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
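As an added illustration of the rules in Jon's reply (this is not code from the post, from IBM, or from any scheduler or automation product), the following Python sketch models the gate a job-request handler could apply before passing a CICS-originated request to a scheduler: refuse a request that carries no requesting user, refuse the region ID as the submitting user, allow a different submitter only if a surrogate pair has been explicitly permitted, limit the job's datasets to the user's own high-level qualifier, block restricted transactions, and produce an audit record that names the requesting user. Every name in it (the sample users, the surrogate pair, the dataset and command lists) is an assumption constructed for this example.

```python
"""Hypothetical job-request gate for batch work raised from a CICS transaction.

Added example only: it models the rules from the post, not any real
scheduler, automation product, or security manager API.
"""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample security database: user IDs the security manager knows.
KNOWN_USERS = {"JONDOE", "ALICE01", "CICSPROD", "SCHEDLR"}

# Region/service IDs that must never be the identity of user-submitted work.
REGION_IDS = {"CICSPROD"}

# Explicitly permitted surrogate pairs (submitter, on-behalf-of user).
# The post notes surrogate is sometimes necessary but is itself an exposure,
# so the list is deliberately narrow.
SURROGATE_ALLOWED = {("SCHEDLR", "JONDOE")}

# Transactions the post would treat as "restricted CICS commands" (sample set).
RESTRICTED_COMMANDS = {"CEMT", "CEDA"}


@dataclass
class JobRequest:
    jobname: str
    requesting_user: Optional[str]          # None models a request with no identity attached
    submitter: Optional[str] = None          # ID the job would actually run under; None = same as requester
    datasets: List[str] = field(default_factory=list)
    commands: List[str] = field(default_factory=list)


def is_user_dataset(dsn: str, userid: str) -> bool:
    """A dataset counts as 'user data' when its high-level qualifier is the user's ID."""
    hlq = dsn.split(".")[0]
    return hlq.upper() == userid.upper()


def validate_request(req: JobRequest) -> Tuple[bool, List[str]]:
    """Return (accepted, problems). Identity problems stop evaluation early;
    resource problems are all collected so the audit record is complete."""
    problems: List[str] = []
    user = req.requesting_user
    if not user:
        return False, ["no requesting user supplied; cannot validate or track"]
    user = user.upper()
    if user not in KNOWN_USERS:
        return False, [f"unknown requesting user {user}"]
    if user in REGION_IDS:
        return False, [f"request would run as region ID {user}; refused"]

    submitter = (req.submitter or user).upper()
    if submitter in REGION_IDS:
        return False, [f"submitting as region ID {submitter} is never allowed"]
    if submitter != user and (submitter, user) not in SURROGATE_ALLOWED:
        return False, [f"{submitter} is not a permitted surrogate for {user}"]

    for dsn in req.datasets:
        if not is_user_dataset(dsn, user):
            problems.append(f"{dsn} is not {user}'s data")
    for cmd in req.commands:
        if cmd.upper() in RESTRICTED_COMMANDS:
            problems.append(f"restricted command {cmd}")
    return (not problems), problems


def audit_record(req: JobRequest) -> str:
    """One-line tracking record that always names the requesting user, as the post suggests."""
    accepted, problems = validate_request(req)
    who = req.requesting_user or "<none>"
    verdict = "ACCEPT" if accepted else "REJECT"
    detail = "; ".join(problems) if problems else "ok"
    return f"JOB={req.jobname} REQUESTOR={who} VERDICT={verdict} DETAIL={detail}"


if __name__ == "__main__":
    # Constructed sample requests exercising each rule.
    samples = [
        JobRequest("JONJOB1", "JONDOE", datasets=["JONDOE.DATA.INPUT"], commands=["IEBGENER"]),
        JobRequest("NOUSER", None, datasets=["JONDOE.DATA.INPUT"]),
        JobRequest("ASREGION", "CICSPROD", datasets=["PROD.PAYROLL.SSN"]),
        JobRequest("OVERREACH", "JONDOE", datasets=["PROD.PAYROLL.SSN"], commands=["CEMT"]),
        JobRequest("VIASCHED", "JONDOE", submitter="SCHEDLR", datasets=["JONDOE.REPORT.OUT"]),
        JobRequest("BADSURR", "JONDOE", submitter="ALICE01", datasets=["JONDOE.REPORT.OUT"]),
    ]
    for s in samples:
        print(audit_record(s))
```

The early returns on identity problems are deliberate: a request with no user, or one that names the region ID, cannot be "partially" accepted, whereas dataset and command problems are all collected so the reviewer sees the full picture in one audit line.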
