An authorized program would not need to switch TO a SPECIAL userid, it could simply give itself SPECIAL in its ACEE.
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Walt Farrell Sent: Monday, November 18, 2019 9:52 AM To: [email protected] Subject: Re: AUTHPGM in IKJTSOxx On Mon, 18 Nov 2019 10:54:06 -0500, scott Ford <[email protected]> wrote: >So guys, stupid question what about a STC that provisions for RACF, etc. >But the design is as a normal generalized user, but with a id >with SPECIAL that is invoked only during the time of passing the command to >RACF ? Does it have to be APF authorized for RACF command >access or am i misunderstanding my readings ? If the program starts out under user ID A, and needs to switch to user ID B (as you seem to indicate it does), then it will need some kind of authorization to switch its identity. That authorization could be APF-authorization, or supervisor state, or system key. Or if the program is running in a UNIX System Services environment on z/OS and the program has appropriate UNIX server authorization, it could use UNIX functions to change its identity. So without more details we can't say what your program would need to do, or exactly what kind of authorization it would need. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
