Tom, Please examine,
http://publibz.boulder.ibm.com/zoslib/pdf/OA56180.pdf The above document states that the SAF access is required both to obtain and to access the storage. I suspect some tricky work around the segment and paging tables has been used to achieve this. Hence the 1M granularity. Lennie Dymoke-Bradshaw | Security Lead | RSM Partners Ltd Web: www.rsmpartners.com ‘Dance like no one is watching. Encrypt like everyone is.’ -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Tom Marchant Sent: 10 September 2019 15:27 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: [IBM-MAIN] APAR OA56180 / RUCSA On Tue, 10 Sep 2019 09:54:43 +0200, Martin Packer wrote: >If you are enabled to use User-Key CSA via RUCSA I believe you "have a >ticket to THE party", the ONE AND ONLY party. Meaning you can access >other users' allocations of User Key CSA. If I understand it correctly, anyone can access RUCSA storage once someone obtains it. The limitation is on who can issue GETMAIN (or STORAGE OBTAIN) for user key CSA. -- Tom Marchant ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN