On Wed, 4 Sep 2019 14:06:21 -0400, Bob Bridges <robhbrid...@gmail.com> wrote:
>Not sure where to ask this, Here is fine... So, I've read the whole thread and unless I am missing something, I don't think you run any more risk than what you would have if none of your users have a TSO segment. As others have pointed out, the USER=<region> is superfluous, because, by default, when CICS submits the job it is with that userID anyway. Then, yes, there are tons of ways to get a job into the system, but submitting JCL from TSO in se will not allow any user to submit that job as the CICS region userID. Unless of course your security set-up allows uncontrolled usage of the USER= clause on the job card. For any mere mortal to submit a job with a USER= on the job card, your security package (TSS in your case, RACF in mine) will have to be instructed to allow that particular mortal to do so. SURROGAT does indeed cover your fear. Set a (very) generic profile that forbids any surrogate user and then set specific profiles to grant the access to only those that actually need it. Apart from that, I would recommend to use the USER= clause on the job card of the jobs that are submitted by your CICS regions, but then to specify a DIFFERENT user ID than that of the region. Give the CICS region user ID (and nobody else) SURROGATE on this other user ID. O, and, yes, I would worry about what JCL can be submitted from CICS, but I understand that is under control in your installation (the assembler program, you spoke about). Very best regards, Jantje. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN