On Wed, 4 Dec 2019 01:28:39 +0000, Lennie Dymoke-Bradshaw <[email protected]> wrote:
>Jesse / Skip, > >This is actually defined as being a requirement in "DFSMS Access Method >Services Commands" SC23-6846-30. See Page 6, or just search for AUTHCMD and >you will quickly find it. It states the following, > >"To use IDCAMS and some of its parameters from TSO/E, your system programmer >must update the system by one of these means: >. Update the IKJTSOxx member of SYS1.PARMLIB. This is the method that IBM >recommends. Add IDCAMS to the list of authorized programs (AUTHPGM). If you >want to use SHCDS, SETCACHE, LISTDATA, DEFINE or IMPORT from TSO/E, add them >(and abbreviations) to the authorized command list(AUTHCMD). >. Update the IKJEGSCU CSECT instead of IKJTSOxx, see z/OS TSO/E Customization >for more information." > >This does not introduce the exposure that placing IDCAMS into AUTHPGM does. >Several forms of DEFINE require APF authorisation. There is no exposure, today, with having IDCAMS in the AUTHPGM list. There was, I believe, in the distant past before the AUTHTSF list was created. There would be an exposure putting IDCAMS in the AUTHTSF list. For more: https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.ikjb700/ikjb700_Program_Authorization_and_Isolation.htm -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
