Gil, So are you saying that you want to invoke GIMSMP from TSO instead of in batch ?
Scott On Sat, Nov 16, 2019 at 2:30 PM Paul Gilmartin < [email protected]> wrote: > On Sat, 16 Nov 2019 17:20:31 +0000, Leonardo Vaz wrote: > > >Thanks for the input. Peter said something about making sure non > authorized units of work are non dispatchable while the authorized program > runs, is this something the authorized program added to AUTHPGM has to do > or something that TSO does? If it is something that TSO already does, then > why limit TSO to only run authorized programs on the AUTHPGM list? What is > the harm of allowing any authorized programs as long as they don’t violate > system integrity. > > > >I’m still curious. > > > Me, too. (The scope of the quantifier "only" is confusing.) > > >> On Nov 16, 2019, at 11:43 AM, retired mainframer wrote: > >> .. > >> If it is in an authorized library, it needs to take the exact same > precautions any other homegrown program that runs authorized would need to > take. When you authorize any program, you are trusting it not to violate > your system's integrity. How it earns that trust varies from site to site > but I expect most have additional requirements above and beyond normal > release procedures. > >> > Do those precautions exceed those required for JCL //STEP EXEC > PGM=HOMEGROWN? > > >>> -----Original Message----- > >>> From: Leonardo Vaz > >>> Sent: Saturday, November 16, 2019 7:30 AM > >>> > >>> I am curious now, does a custom homegrown program have to take extra > precautions > >>> to be placed under AUTHPGM? What would those be? > >>> > At one point, wanting to invoke GIMSMP via ssh with: > /* Rexx exec1*/ > address TSO "exec exec2" > ... > /* Rexx exec2 */ > "ALLOCATE ..." > ... > "call *(GIMSMP) ..." > > ... I needed to have my sysprog add GIMSMP to AUTHPGM. > He did so. Did this create a hazard? Which? > > (After circa 2010, I needed also to be added to a RACF profile to > avoid some ineffable hazard. IBM representatives have provided > no further guidance beyond "Be careful!". I take that to mean, > "If something breaks, it's on you, and we still won't tell you what > you did wrong.") > > -- gil > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- Scott Ford IDMWORKS z/OS Development ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
