On Thu, 5 Sep 2019 12:05:30 +0000, Lennie Dymoke-Bradshaw wrote: > >"The problem, of course, is that if I'm authorized to submit jobs with >USER=<region> on the JOB card then I can submit ~any~ such job, to do anything >I want that the region can do." > >The CICS transaction runs under the security context of the region userid. > Looking at the condition in the Subject:, "if you don't have TSO" I wonder, would the exposure somehow be less if the user were given a RACF TSO segment? I wouldn't expect so.
-- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
