Re: Which STEPLIB concatenation is not authorized?
Hi I know it's a while since this discussion, but file 953 on the cbttape latest updates page has two possible solutions for this. Assembler program LISTAPF uses the code from Mark Zelden's IPLINFO to get a list of APF authorised datasets it then gets all datasets concatenated to STEPLIB and reports any which are not in the APF list. Then it does the same for JOBLIB. Alternatively, assembler program GETDSNAM acts as a rexx function and populates a stem variable containing all datasets concatenated to a DDNAME so the checking could be done in a batch rexx program. Regards John -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
You know what I am thinking of doing? Yes, it would be great to loop through all of the concatenations of STEPLIB and display the APF status of each. More time than I can justify at this moment. But what about the following? Wouldn't this solve the problem? A very simple program that would open a vanilla input DCB for SYSUT1, chain to the DEB and check the APF bit (DEBAPFIN?), and then issue a yay/nay WTO? A customer would have to copy the STEPLIB concatenations DD's one at a time into the SYSUT1 DD in a simple little jobstep, but that should be do-able. Advantage over a display command and IEHIBALL? If they copied it exactly as it was specified in STEPLIB then it would avoid all eyeball checks on the exact dataset name, multiple instances of a name on different VOLSERs, etc. The source should be small enough to paste here, and I would do so if there is interest. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Ed Jaffe Sent: Tuesday, November 22, 2016 6:23 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On 11/22/2016 5:06 AM, Peter Relson wrote: > > What the system has, and could return (indeed does provide to the > CSVFETCH exit as of z/OS 2.2) is the UCB address and CCHH of the data > set. I don't claim to know exactly how, but you can get from that to the data > set name. > An enhancement could be made to CSVQUERY/CSVINFO to provide that data. I assume one would use the UCB address to get the volser, then process the VTOC using CVAFSEQ or similar to find which data set is located at that CCHH. Hopefully, CVAFSEQ et al has no APF requirement. It would be an unfortunate catch-22 if only an authorized program could determine with certainty why it's not running authorized... -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Tue, Nov 22, 2016 at 11:35 AM, Charles Millswrote: > > And those for whom this too complicated: don't touch a z/OS system until > you have covered the dummies course. > > I'll tell the support staff to start telling that to the POCs. I'm sure the > sales team will be pleased. > INSTALLATION INSTRUCTIONS: 1) Hire someone who can read and is not a complete idiot. ... > > Charles > > -- Heisenberg may have been here. Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
> And those for whom this too complicated: don't touch a z/OS system until you have covered the dummies course. I'll tell the support staff to start telling that to the POCs. I'm sure the sales team will be pleased. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Vernooij, Kees (ITOPT1) - KLM Sent: Tuesday, November 22, 2016 2:28 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? Altogether, to me this all seems a tremendous overkill for a problem that occurs a few time per year somewhere in the world. How many system programmers does it take to switch a lightbulb? How many to check a steplib concatenation on 047 abends? Take your libraries and check them against D PROG,APF and you know what you're looking for. And those for whom this too complicated: don't touch a z/OS system until you have covered the dummies course. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On 11/22/2016 5:06 AM, Peter Relson wrote: What the system has, and could return (indeed does provide to the CSVFETCH exit as of z/OS 2.2) is the UCB address and CCHH of the data set. I don't claim to know exactly how, but you can get from that to the data set name. An enhancement could be made to CSVQUERY/CSVINFO to provide that data. I assume one would use the UCB address to get the volser, then process the VTOC using CVAFSEQ or similar to find which data set is located at that CCHH. Hopefully, CVAFSEQ et al has no APF requirement. It would be an unfortunate catch-22 if only an authorized program could determine with certainty why it's not running authorized... -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Actually this can be in z/OS V2.1 with a PTF APAR Identifier .. PI60831 Last Changed 16/07/04 NEW FUNCTION Symptom .. NF NEW FUNCTION Status ... CLOSED UR1 Severity ... 4 Date Closed . 16/06/13 Component .. 566548802 Duplicate of Reported Release . 790 Fixed Release 999 Component Name SDSF PLUGIN Special Notice Current Target Date ..16/06/30 Flags SCP ... Platform Status Detail: SHIPMENT - Packaged solution is available for shipment. PE PTF List: PTF List: Release 7A0 : UI38655 available 16/06/29 (F606 ) Release 790 : UI38656 available 16/06/30 (F606 ) * PROBLEM DESCRIPTION: New function to implement the APF, LNK, * * LPA, PAG, PARM, and SYS commands using * * the z/OSMF SDSF plug-in. Lizette > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Vernooij, Kees (ITOPT1) - KLM > Sent: Tuesday, November 22, 2016 6:58 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Which STEPLIB concatenation is not authorized? > > I didn't know that one, but now I see I also have it in 2.1 > > Kees. > > -Original Message- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of Tom Marchant > Sent: 22 November, 2016 14:53 > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: Re: Which STEPLIB concatenation is not authorized? > > On Tue, 22 Nov 2016 13:28:14 +, Vernooij, Kees wrote: > > >Take your libraries and check them against D PROG,APF and you know what > >you're looking for. > > And if you are at z/OS 2.2, the APF command in SDSF is even easier, because > the list is sorted by DSNAME. > > -- > Tom Marchant > -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
I didn't know that one, but now I see I also have it in 2.1 Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tom Marchant Sent: 22 November, 2016 14:53 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On Tue, 22 Nov 2016 13:28:14 +, Vernooij, Kees wrote: >Take your libraries and check them against D PROG,APF and you >know what you're looking for. And if you are at z/OS 2.2, the APF command in SDSF is even easier, because the list is sorted by DSNAME. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Tue, 22 Nov 2016 13:28:14 +, Vernooij, Kees wrote: >Take your libraries and check them against D PROG,APF and you >know what you're looking for. And if you are at z/OS 2.2, the APF command in SDSF is even easier, because the list is sorted by DSNAME. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Altogether, to me this all seems a tremendous overkill for a problem that occurs a few time per year somewhere in the world. How many system programmers does it take to switch a lightbulb? How many to check a steplib concatenation on 047 abends? Take your libraries and check them against D PROG,APF and you know what you're looking for. And those for whom this too complicated: don't touch a z/OS system until you have covered the dummies course. Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Peter Relson Sent: 22 November, 2016 14:07 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? IMHO, we need an enhancement to CSVQUERY/CSVINFO (as appropriate) to return the fully-qualified data set name and volume and/or HFS path from which a module was actually fetched. (If it came from VLF, that information would need to be preserved at the time the module is cached so it can be provided to CSV.) I don't see this ever happening. The system does not keep that information. The extra cycles to determine that information cannot be justified at this time. The system also does not keep information about whether the fetch was satisfied from LPA, LNKLST, joblib, steplib, some tasklib or some user-specified DCB. By the way, CSV never actually knows the full file system path name. It knows only when USS provides it (which is not necessarily the full name). CSVQUERY and CSVINFO *do* provide the file system path name to the invoker. >However, it's not trivial to determine from where you were loaded. It >could be STEPLIB/JOBLIB, it could be LPA, it could be LNKLST. It shouldn't be that hard if you know the member name. Create a DCB for STEPLIB and open it. If that works, do a BLDL on the member name and if that works, you've found the module. If the BLDL fails, it's not in STEPLIB and JOBLIB isn't used. If the open fails, try the same with JOBLIB. It's not "hard" but it's not trivial either. If you're running under the job, there's no reason to create a DCB for STEPLIB and open it, as the DCB already exists and is open. You could just do a BLDL yourself using the DCB pointed to by TCBJLB. Ignoring the user-specified DCB case, the system search is, approximately: Do for every task from this task repeating using TCBOTC up through the jobstep program task look for the member in the TCBJLB task if there is one End Do Look for the member in LPA Look for the member in LNKLST What the system has, and could return (indeed does provide to the CSVFETCH exit as of z/OS 2.2) is the UCB address and CCHH of the data set. I don't claim to know exactly how, but you can get from that to the data set name. An enhancement could be made to CSVQUERY/CSVINFO to provide that data. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
IMHO, we need an enhancement to CSVQUERY/CSVINFO (as appropriate) to return the fully-qualified data set name and volume and/or HFS path from which a module was actually fetched. (If it came from VLF, that information would need to be preserved at the time the module is cached so it can be provided to CSV.) I don't see this ever happening. The system does not keep that information. The extra cycles to determine that information cannot be justified at this time. The system also does not keep information about whether the fetch was satisfied from LPA, LNKLST, joblib, steplib, some tasklib or some user-specified DCB. By the way, CSV never actually knows the full file system path name. It knows only when USS provides it (which is not necessarily the full name). CSVQUERY and CSVINFO *do* provide the file system path name to the invoker. >However, it's not trivial to determine from where you were loaded. It >could be STEPLIB/JOBLIB, it could be LPA, it could be LNKLST. It shouldn't be that hard if you know the member name. Create a DCB for STEPLIB and open it. If that works, do a BLDL on the member name and if that works, you've found the module. If the BLDL fails, it's not in STEPLIB and JOBLIB isn't used. If the open fails, try the same with JOBLIB. It's not "hard" but it's not trivial either. If you're running under the job, there's no reason to create a DCB for STEPLIB and open it, as the DCB already exists and is open. You could just do a BLDL yourself using the DCB pointed to by TCBJLB. Ignoring the user-specified DCB case, the system search is, approximately: Do for every task from this task repeating using TCBOTC up through the jobstep program task look for the member in the TCBJLB task if there is one End Do Look for the member in LPA Look for the member in LNKLST What the system has, and could return (indeed does provide to the CSVFETCH exit as of z/OS 2.2) is the UCB address and CCHH of the data set. I don't claim to know exactly how, but you can get from that to the data set name. An enhancement could be made to CSVQUERY/CSVINFO to provide that data. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Mon, 21 Nov 2016 09:33:20 -0800, Ed Jaffe wrote: >However, it's not trivial to determine from where you were loaded. It >could be STEPLIB/JOBLIB, it could be LPA, it could be LNKLST. It shouldn't be that hard if you know the member name. Create a DCB for STEPLIB and open it. If that works, do a BLDL on the member name and if that works, you've found the module. If the BLDL fails, it's not in STEPLIB and JOBLIB isn't used. If the open fails, try the same with JOBLIB. But for this purpose, I don't think it matters where the module came from. If there is a STEPLIB with a non-authorized data set, the step is not authorized. If there is no STEPLIB and there is a JOBLIB, all data sets in it must be authorized. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On 11/21/2016 8:27 AM, Charles Mills wrote: Exactly. That is what I intend to do. Charles John McKown wrote: THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT APF AUTHORIZED. ... or migrated or is not SMS, not cataloged, etc. I love this idea!!! However, it's not trivial to determine from where you were loaded. It could be STEPLIB/JOBLIB, it could be LPA, it could be LNKLST. CSVQUERY does have an ability to return a token that can, through some complex and circuitous logic, actually map back to a data set name or HFS path, but it's not easy and I have a nagging suspicion that at least part of that processing requires authorization. IMHO, we need an enhancement to CSVQUERY/CSVINFO (as appropriate) to return the fully-qualified data set name and volume and/or HFS path from which a module was actually fetched. (If it came from VLF, that information would need to be preserved at the time the module is cached so it can be provided to CSV.) Of course, there is an implied assumption here that you're invoking TESTAUTH from inside the program referenced by EXEC PGM=. If not, you would first need to determine which program name that is. (It's not difficult, but it is an extra step...) -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
I believe that's the right approach. For now anyway. You have control. You can build a common routine that any APF product can call during initialization. If IBM ever comes up with a more general solution, you can revisit your solution. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Monday, November 21, 2016 8:27 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? Exactly. That is what I intend to do. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Monday, November 21, 2016 2:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? John McKown wrote: >But I can see where it would be _very_ nice if an application to do a >TESTAUTH to make sure that it is APF authorized. And, if not, then put out a >message similar to: >THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME >volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT >APF AUTHORIZED. ... or migrated or is not SMS, not cataloged, etc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
One caveat. APF can be modified dynamically without updating PARMLIB. Not necessarily an error if it's the first try with a new application, although in practice it's a red flag. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mike Schwab Sent: Sunday, November 20, 2016 10:16 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? OK. How about 2 REXX commands. The first REXX command reads SYS*.PARMLIB members, parses out the DSN and Vol/SMS ignoring syntax errors, and checks each DSN for APF authorization. The second REXX command read any JCL member, parses out the steplib DSNs and Volumes ignoring syntax errors, and checks each DSN for APR authorization. This would be useful for any site or product that has z/OS APF libraries. On Sun, Nov 20, 2016 at 11:25 AM, Clark Morris <cfmpub...@ns.sympatico.ca> wrote: > [Default] On 20 Nov 2016 08:47:04 -0800, in bit.listserv.ibm-main > charl...@mcn.org (Charles Mills) wrote: > >>Thanks @Gil, I think you get where I am trying to go with this. >> >>It's not that I don't know how to use TESTAUTH or think TESTAUTH is >>giving me the wrong answer. But now what? We say "one or more of your >>datasets is apparently not authorized" and the customer says "WE TOLD >>YOU THEY ARE ALL AUTHORIZED!" Now what does the poor support tech do? >>Say "Issue a 'D PROG,APF' and check all the libraries -- it's not rocket >>surgery!" > > It seems like a generic module that chases the chains would be useful > to a number of vendors and even for Roll your own code. I know that I > was enraged on earlier versions with the JCL message symbol not > defined in procedure mess and justified the effort to go to MVS SP > 1.3.2 or 1.3.3 because that was the version.release.modification level > that had the change telling you which symbol wasn't defined in the > procedure. In this case chasing down errant libraries when the > installing groups isn't responsible for setting up APF authorization > can be interesting. > > Clark Morris >> >>Would YOU buy a product from a vendor that talked to you like that? >> >>Charles >> >>-Original Message- >>From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] >>On Behalf Of Paul Gilmartin >>Sent: Sunday, November 20, 2016 1:21 AM >>To: IBM-MAIN@LISTSERV.UA.EDU >>Subject: Re: Which STEPLIB concatenation is not authorized? >> >>On 2016-11-19, at 15:32, Jesse 1 Robinson wrote: >>> >>> As complicated this may sound, APF can be determined/diagnosed by >>inspection with relative ease. It's not rocket surgery. >>> >>Perhaps. But it would be poor business practice for the OP to address >>his customer so tactlessly. IBM ought to help its customers to help >>their customers. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Exactly. That is what I intend to do. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: Monday, November 21, 2016 2:58 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? John McKown wrote: >But I can see where it would be _very_ nice if an application to do a >TESTAUTH to make sure that it is APF authorized. And, if not, then put out a >message similar to: >THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME >volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT >APF AUTHORIZED. ... or migrated or is not SMS, not cataloged, etc. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Not only STEPLIB (and JOBLIB) but also any tasklib, which in fact can be any ddname. And then the problem arises: when should the 'non-apf warming' be issued? You could have a ddname with a concatenation of loadlibraries, that are never going to be used to LOAD modules from, so the warning is useless and confusing. Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Elardus Engelbrecht Sent: 21 November, 2016 14:58 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? John McKown wrote: >But I can see where it would be _very_ nice if an application to do a >TESTAUTH to make sure that it is APF authorized. And, if not, then put out a >message similar to: >THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME >volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT >APF AUTHORIZED. ... or migrated or is not SMS, not cataloged, etc. It would be very nice if the issuer of IGD103I SMS ALLOCATED TO DDNAME STEPLIB can show above message. Or yet better - take that list of datasets in that STEPLIB, feed it to 'APF Dataset Report' in 'RACF_SENSITIVE_RESOURCES' in Health Checker ... ... with this one little variation - the FULL lists (all entries in that STEPLIB) must be APFed. That is ALL or nothing! H, ..ok, now drifting somewhat, but what about libraries in Linklist, but NOT APFed? Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
John McKown wrote: >But I can see where it would be _very_ nice if an application to do a >TESTAUTH to make sure that it is APF authorized. And, if not, then put out a >message similar to: >THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME >volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT >APF AUTHORIZED. ... or migrated or is not SMS, not cataloged, etc. It would be very nice if the issuer of IGD103I SMS ALLOCATED TO DDNAME STEPLIB can show above message. Or yet better - take that list of datasets in that STEPLIB, feed it to 'APF Dataset Report' in 'RACF_SENSITIVE_RESOURCES' in Health Checker ... ... with this one little variation - the FULL lists (all entries in that STEPLIB) must be APFed. That is ALL or nothing! H, ..ok, now drifting somewhat, but what about libraries in Linklist, but NOT APFed? Groete / Greetings Elardus Engelbrecht -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Mon, Nov 21, 2016 at 7:21 AM, Charles Millswrote: > > > YOU say it's all authorized. z/OS says it's not. Let's think who's > probably right here. > I agree, but I have a couple of friends who are / were in level 1 support. You'd be amazed by stories of ignorance and mental denseness. I've read comparable stories on "The Register" (http://www.theregister.co.uk). I loved the one where the end-user apparently didn't know that the "on" button for a PC was the same one as the "off" button. The one I remember was from a certain frozen state which shall remain nameless where the system's programmer reported that the product would immediately abend. He had not linked the supplied object decks into a load library, but put the data set containing the object decks in the STEPLIB. I guess he didn't read the installation documentation (Top Secret was the product). But I can see where it would be _very_ nice if an application to do a TESTAUTH to make sure that it is APF authorized. And, if not, then put out a message similar to: THE PRODUCT IS NOT APF AUTHORIZED DUE TO THE DSN=SOME.NONAPF.LIBRARY ON VOLUME volser BEING ON THE STEPLIB/JOBLIB. DSN=SOME.NONAPF.LIBRARY ON volser IS NOT APF AUTHORIZED. -- Heisenberg may have been here. Unicode: http://xkcd.com/1726/ Maranatha! <>< John McKown -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
YOU say it's all authorized. z/OS says it's not. Let's think who's probably right here. CharlesSent from a mobile; please excuse the brevity Original message From: Peter Relson <rel...@us.ibm.com> Date: 11/21/16 2:12 PM (GMT+01:00) To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? >Would YOU buy a product from a vendor that talked to >you like that? Maybe not. But why wouldn't helpful technical support say "please issue DISPLAY PROG,APF and let me see the output so that I can help you figure out what is wrong?" How do you think conversations go for just about anyone when customers report problems? An early step is for the customer to make available the data that can help to diagnose the problem. (unless you're talking to a helpless desk that tells you to power off and power on, or uninstall and re-install). And in the case at hand, what did the customer say if they had asserted that all the libraries were APF authorized and you found that there were 3 in the concatenation that weren't? Maybe your technical support should offer to make a friendly wager with the customer about the state of things (because "apparently not authorized" is a wimpy -- but possibly necessary -- way of stating the fact "is not considered by the system to be APF-authorized"). Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
>Would YOU buy a product from a vendor that talked to >you like that? Maybe not. But why wouldn't helpful technical support say "please issue DISPLAY PROG,APF and let me see the output so that I can help you figure out what is wrong?" How do you think conversations go for just about anyone when customers report problems? An early step is for the customer to make available the data that can help to diagnose the problem. (unless you're talking to a helpless desk that tells you to power off and power on, or uninstall and re-install). And in the case at hand, what did the customer say if they had asserted that all the libraries were APF authorized and you found that there were 3 in the concatenation that weren't? Maybe your technical support should offer to make a friendly wager with the customer about the state of things (because "apparently not authorized" is a wimpy -- but possibly necessary -- way of stating the fact "is not considered by the system to be APF-authorized"). Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Sun, 20 Nov 2016 13:41:20 -0600, Paul Gilmartin wrote: >On Sun, 20 Nov 2016 17:01:43 +, Jesse 1 Robinson wrote: > >>the requirements for APF concatenation were invented to protect the customer >> >The particular implementation protects the customer from nothing. Of course it does. Your contention that it could be better is not evidence that the requirements for APF concatenation does not protect the customer is not accurate. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Sun, 20 Nov 2016 17:01:43 +, Jesse 1 Robinson wrote: >I don't want to sound warlike--especially in today's political climate--but >vendors have always expected customers to diagnose their own APF problems. >'Tact' is often a matter of delivering uncomfortable news gently and >empathetically. As others have said, the requirements for APF concatenation >were invented to protect the customer, not to annoy or vex. > The particular implementation protects the customer from nothing. The convention of LINKLIST which determines APF status from the individual data set rather than the ensemble as STEPLIB does provides sufficient integrity protection and greater flexibility. (But no better diagnostic information for Charles.) Startool? ISVs are understandably reluctant to require their customers to purchase a fourth-party product. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
OK. How about 2 REXX commands. The first REXX command reads SYS*.PARMLIB members, parses out the DSN and Vol/SMS ignoring syntax errors, and checks each DSN for APF authorization. The second REXX command read any JCL member, parses out the steplib DSNs and Volumes ignoring syntax errors, and checks each DSN for APR authorization. This would be useful for any site or product that has z/OS APF libraries. On Sun, Nov 20, 2016 at 11:25 AM, Clark Morris <cfmpub...@ns.sympatico.ca> wrote: > [Default] On 20 Nov 2016 08:47:04 -0800, in bit.listserv.ibm-main > charl...@mcn.org (Charles Mills) wrote: > >>Thanks @Gil, I think you get where I am trying to go with this. >> >>It's not that I don't know how to use TESTAUTH or think TESTAUTH is giving >>me the wrong answer. But now what? We say "one or more of your datasets is >>apparently not authorized" and the customer says "WE TOLD YOU THEY ARE ALL >>AUTHORIZED!" Now what does the poor support tech do? Say "Issue a 'D >>PROG,APF' and check all the libraries -- it's not rocket surgery!" > > It seems like a generic module that chases the chains would be useful > to a number of vendors and even for Roll your own code. I know that I > was enraged on earlier versions with the JCL message symbol not > defined in procedure mess and justified the effort to go to MVS SP > 1.3.2 or 1.3.3 because that was the version.release.modification level > that had the change telling you which symbol wasn't defined in the > procedure. In this case chasing down errant libraries when the > installing groups isn't responsible for setting up APF authorization > can be interesting. > > Clark Morris >> >>Would YOU buy a product from a vendor that talked to you like that? >> >>Charles >> >>-Original Message- >>From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >>Behalf Of Paul Gilmartin >>Sent: Sunday, November 20, 2016 1:21 AM >>To: IBM-MAIN@LISTSERV.UA.EDU >>Subject: Re: Which STEPLIB concatenation is not authorized? >> >>On 2016-11-19, at 15:32, Jesse 1 Robinson wrote: >>> >>> As complicated this may sound, APF can be determined/diagnosed by >>inspection with relative ease. It's not rocket surgery. >>> >>Perhaps. But it would be poor business practice for the OP to address his >>customer so tactlessly. IBM ought to help its customers to help their >>customers. >> >>-- >>For IBM-MAIN subscribe / signoff / archive access instructions, >>send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > -- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- Mike A Schwab, Springfield IL USA Where do Forest Rangers go to get away from it all? -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
[Default] On 20 Nov 2016 08:47:04 -0800, in bit.listserv.ibm-main charl...@mcn.org (Charles Mills) wrote: >Thanks @Gil, I think you get where I am trying to go with this. > >It's not that I don't know how to use TESTAUTH or think TESTAUTH is giving >me the wrong answer. But now what? We say "one or more of your datasets is >apparently not authorized" and the customer says "WE TOLD YOU THEY ARE ALL >AUTHORIZED!" Now what does the poor support tech do? Say "Issue a 'D >PROG,APF' and check all the libraries -- it's not rocket surgery!" It seems like a generic module that chases the chains would be useful to a number of vendors and even for Roll your own code. I know that I was enraged on earlier versions with the JCL message symbol not defined in procedure mess and justified the effort to go to MVS SP 1.3.2 or 1.3.3 because that was the version.release.modification level that had the change telling you which symbol wasn't defined in the procedure. In this case chasing down errant libraries when the installing groups isn't responsible for setting up APF authorization can be interesting. Clark Morris > >Would YOU buy a product from a vendor that talked to you like that? > >Charles > >-Original Message- >From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On >Behalf Of Paul Gilmartin >Sent: Sunday, November 20, 2016 1:21 AM >To: IBM-MAIN@LISTSERV.UA.EDU >Subject: Re: Which STEPLIB concatenation is not authorized? > >On 2016-11-19, at 15:32, Jesse 1 Robinson wrote: >> >> As complicated this may sound, APF can be determined/diagnosed by >inspection with relative ease. It's not rocket surgery. >> >Perhaps. But it would be poor business practice for the OP to address his >customer so tactlessly. IBM ought to help its customers to help their >customers. > >-- >For IBM-MAIN subscribe / signoff / archive access instructions, >send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
I don't want to sound warlike--especially in today's political climate--but vendors have always expected customers to diagnose their own APF problems. 'Tact' is often a matter of delivering uncomfortable news gently and empathetically. As others have said, the requirements for APF concatenation were invented to protect the customer, not to annoy or vex. In short, all products we buy for mainframe come with the same caveat. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Sunday, November 20, 2016 8:47 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? Thanks @Gil, I think you get where I am trying to go with this. It's not that I don't know how to use TESTAUTH or think TESTAUTH is giving me the wrong answer. But now what? We say "one or more of your datasets is apparently not authorized" and the customer says "WE TOLD YOU THEY ARE ALL AUTHORIZED!" Now what does the poor support tech do? Say "Issue a 'D PROG,APF' and check all the libraries -- it's not rocket surgery!" Would YOU buy a product from a vendor that talked to you like that? Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Sunday, November 20, 2016 1:21 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On 2016-11-19, at 15:32, Jesse 1 Robinson wrote: > > As complicated this may sound, APF can be determined/diagnosed by inspection with relative ease. It's not rocket surgery. > Perhaps. But it would be poor business practice for the OP to address his customer so tactlessly. IBM ought to help its customers to help their customers. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
I can't speak for the CBT PDS Command, but StarTool shows APF directly and automatically without any need for OS commands. SYS1.LPALIB, for example, gives this message right at the top: PDS224I This data set is APF authorized This means of course that it's programmatically possible for an app to determine APF status given a specific library. The leap from there to displaying APF status at the OS level is greater than this customer cares to pay for. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Sunday, November 20, 2016 8:24 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? In the situation that triggered this discussion it was three datasets. Various vendor products and DB2 IIRC. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Harminc Sent: Sunday, November 20, 2016 1:46 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On 18 November 2016 at 06:26, Charles Mills <charl...@mcn.org> wrote: > As a software vendor, on new installs we often get customers saying > "your product puts out a message saying it is not authorized but we're > sure we authorized the library" and it is often a painful process > taking them through checking each concatenation. [...] It's been an interesting discussion. But may I ask why you are in the position of having your customers with a big pile of datasets in their STEPLIB concatenation for your product? Well, you didn't say it's a big pile, but if were one or two you surely wouldn't be asking... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Thanks @Gil, I think you get where I am trying to go with this. It's not that I don't know how to use TESTAUTH or think TESTAUTH is giving me the wrong answer. But now what? We say "one or more of your datasets is apparently not authorized" and the customer says "WE TOLD YOU THEY ARE ALL AUTHORIZED!" Now what does the poor support tech do? Say "Issue a 'D PROG,APF' and check all the libraries -- it's not rocket surgery!" Would YOU buy a product from a vendor that talked to you like that? Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Sunday, November 20, 2016 1:21 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On 2016-11-19, at 15:32, Jesse 1 Robinson wrote: > > As complicated this may sound, APF can be determined/diagnosed by inspection with relative ease. It's not rocket surgery. > Perhaps. But it would be poor business practice for the OP to address his customer so tactlessly. IBM ought to help its customers to help their customers. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
In the situation that triggered this discussion it was three datasets. Various vendor products and DB2 IIRC. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tony Harminc Sent: Sunday, November 20, 2016 1:46 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On 18 November 2016 at 06:26, Charles Mills <charl...@mcn.org> wrote: > As a software vendor, on new installs we often get customers saying > "your product puts out a message saying it is not authorized but we're > sure we authorized the library" and it is often a painful process > taking them through checking each concatenation. [...] It's been an interesting discussion. But may I ask why you are in the position of having your customers with a big pile of datasets in their STEPLIB concatenation for your product? Well, you didn't say it's a big pile, but if were one or two you surely wouldn't be asking... -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
I'll accept that as almost true. But BLDL (I assume LOAD uses that or something similar) needs to find the directories to search. I'm trying to RTRM and understand. I guess it can examine DEBAMLNG bytes in DEBEXTNM to find the first extent of each catenand which must contain the directory. BLDL uses the information in the DEB to determine which data sets' directories are to be checked. But that's not enough to really identify the data set; only unit and address. Bummer. The pain customers endure because storage was so expensive a half-century ago that 32 bytes couldn't be spared for flags indicating which extents belong to authorized data sets. I believe that most would use RDJFCB to find the data set name(s) comprising a concatenation. The DEB can be traversed (not trivially, but not overly hard) to correlate. I'm sure many on this list could write the sort of program/exec that would solve Charles' quandry, taking as input the JCL and using things like CSVAPF and IsItMgd. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Sat, 19 Nov 2016 16:05:08 -0600, Paul Gilmartin wrote: > >Hmmm. If I were to ALLOCATE a UNIX directory with DSORG=PS, >RECFM-F,LRECL=256; could I read it as a PDS directory? > No. And well documented; a limitation for strong technical reasons, unlike some arbitrary limitations z/OS imposes. But it has dismaying consequences: it's probably a contributing factor to ISPF LM's inability to process UNIX directories. Researching this, I found instructions in Using Data Sets that cause a JCL error. RCF submitted. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On 18 November 2016 at 06:26, Charles Millswrote: > As a software vendor, on new installs we often get customers saying "your > product puts out a message saying it is not authorized but we're sure we > authorized the library" and it is often a painful process taking them > through checking each concatenation. [...] It's been an interesting discussion. But may I ask why you are in the position of having your customers with a big pile of datasets in their STEPLIB concatenation for your product? Well, you didn't say it's a big pile, but if were one or two you surely wouldn't be asking... Tony H. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On 2016-11-19, at 15:32, Jesse 1 Robinson wrote: > > As complicated this may sound, APF can be determined/diagnosed by inspection > with relative ease. It's not rocket surgery. > Perhaps. But it would be poor business practice for the OP to address his customer so tactlessly. IBM ought to help its customers to help their customers. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
APF is defined in SYS1.PARMLIB(PROGxx) according to the installation defined concatenation in IEASYSxx. The result of that concatenation determines the set of APF libraries unless modified after IPL by SETPROG APF. Entries in PROGxx are of two types: APF ADD DSN(dsn-1) SMS APF ADD DSN(dsn-2) VOL(volser) If 'SMS' is coded, then the library can be located anywhere, but it must be SMS defined. There can only be one dsn-1 because SMS does not allow duplicates in a system. If VOL(volser) is coded, then the library must be located on that specific volume. There can be multiple entries for dsn-2; as long as one entry matches dsn-2 in STEPLIB, then it is APF; otherwise not. APF is not indicated anywhere in the intrinsic definition of a library. No bit in catalog nor in VTOC nor anywhere else outside of the list of APF libraries built and managed by z/OS. At any moment a library may or may not be APF according to the current list, which may have additions or deletions or (effectively) updates since that last time it was checked. As complicated this may sound, APF can be determined/diagnosed by inspection with relative ease. It's not rocket surgery. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin Sent: Saturday, November 19, 2016 2:05 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? On Sat, 19 Nov 2016 08:30:39 -0500, Peter Relson wrote: > >I assume that the subject of this thread should have been "Which data >set in the STEPLIB concatenation is not APF-authorized". > Me, too. And if that information were available the adress space could remain authorized as long as modules were loaded only from authorized catenands, and the failure of authorization could report "which data set", at least by catenand ordinal. >The DEB is build during OPEN. That processing examines the APF status >of every individual data set forming the concatenation. If any data set >is found that is not APF-authorized, then the DEB is marked as not APF >authorized (bit DEBAPFIN). (I think the bit is initialized "on" and >then simply turned off when a non-APF-authorized data set is found). By >the time "load" is being done, the information about an individual data >set is long gone. > I'll accept that as almost true. But BLDL (I assume LOAD uses that or something similar) needs to find the directories to search. I'm trying to RTRM and understand. I guess it can examine DEBAMLNG bytes in DEBEXTNM to find the first extent of each catenand which must contain the directory. But that's not enough to really identify the data set; only unit and address. Bummer. The pain customers endure because storage was so expensive a half-century ago that 32 bytes couldn't be spared for flags indicating which extents belong to authorized data sets. >CSVAPF is the programming interface for querying if an individual data >set is APF-authorized. To do it completely correctly, you have to know >if the data set is SMS-managed. > I've seen the SMS dependency mentioned earlier in this thread. Why? is it that APF is indicated in the DSCB for non-SMS and elsewhere for SMS? And I found nothing in the DEB about PDSE or UNIX files although BPAM now supports UNIX directories in mixed concatenations. How are those represented? Major and minor device numbers? It must be documented somewhere, even if only "The following N bytes are not GUPI." Hmmm. If I were to ALLOCATE a UNIX directory with DSORG=PS, RECFM-F,LRECL=256; could I read it as a PDS directory? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Sat, 19 Nov 2016 08:30:39 -0500, Peter Relson wrote: > >I assume that the subject of this thread should have been "Which data set >in the STEPLIB concatenation is not APF-authorized". > Me, too. And if that information were available the adress space could remain authorized as long as modules were loaded only from authorized catenands, and the failure of authorization could report "which data set", at least by catenand ordinal. >The DEB is build during OPEN. That processing examines the APF status of >every individual data set forming the concatenation. If any data set is >found that is not APF-authorized, then the DEB is marked as not APF >authorized (bit DEBAPFIN). (I think the bit is initialized "on" and then >simply turned off when a non-APF-authorized data set is found). By the >time "load" is being done, the information about an individual data set is >long gone. > I'll accept that as almost true. But BLDL (I assume LOAD uses that or something similar) needs to find the directories to search. I'm trying to RTRM and understand. I guess it can examine DEBAMLNG bytes in DEBEXTNM to find the first extent of each catenand which must contain the directory. But that's not enough to really identify the data set; only unit and address. Bummer. The pain customers endure because storage was so expensive a half-century ago that 32 bytes couldn't be spared for flags indicating which extents belong to authorized data sets. >CSVAPF is the programming interface for querying if an individual data set >is APF-authorized. To do it completely correctly, you have to know if the >data set is SMS-managed. > I've seen the SMS dependency mentioned earlier in this thread. Why? is it that APF is indicated in the DSCB for non-SMS and elsewhere for SMS? And I found nothing in the DEB about PDSE or UNIX files although BPAM now supports UNIX directories in mixed concatenations. How are those represented? Major and minor device numbers? It must be documented somewhere, even if only "The following N bytes are not GUPI." Hmmm. If I were to ALLOCATE a UNIX directory with DSORG=PS, RECFM-F,LRECL=256; could I read it as a PDS directory? -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
>Thanks, but you might want to read my OP >>There are various ways to check whether the current environment is APF authorized. >>For example, the TESTAUTH macro will give a return code to indicate >>APF or not. Charles, that response *was* an attempt to respond to a question of yours in your OP: "Even simpler question: is it possible for a program to check (only) its own AC(1) bit?" Checking a program's "AC(1)" bit is not usually overly relevant. Checking the resulting authorization of the jobstep is what is relevant, and TESTAUTH is the way to do that. I assume that the subject of this thread should have been "Which data set in the STEPLIB concatenation is not APF-authorized". The DEB is build during OPEN. That processing examines the APF status of every individual data set forming the concatenation. If any data set is found that is not APF-authorized, then the DEB is marked as not APF authorized (bit DEBAPFIN). (I think the bit is initialized "on" and then simply turned off when a non-APF-authorized data set is found). By the time "load" is being done, the information about an individual data set is long gone. CSVAPF is the programming interface for querying if an individual data set is APF-authorized. To do it completely correctly, you have to know if the data set is SMS-managed. Peter Relson z/OS Core Technology Design -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
OK, I stand enlightened. A particular extent can be identified by unit address and from there back to volser. I abide by my previous post. I would rather see IBM work on more productive enhancements. Seriously, how long does it take to debug a broken APF environment? It happens rarely, and with any experience at all the cause is clear. An application can test for APF and put out a message telling the user to investigate. (Abending is shameful.) That should be good enough. Also note that if APF is broken, the app might be hard put to issue commands or chase control blocks. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Ed Jaffe Sent: Friday, November 18, 2016 12:00 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? On 11/18/2016 9:43 AM, Jesse 1 Robinson wrote: > The fundamental difficulty of displaying/presenting the concatenation > sequence goes to the heart of program fetch and DEB management in general. > The mapping for a concatenation consists of a series of track extents for > input I/O; VOLSER identity is not part of the map. Not sure I agree with this. The DEB extent entry doesn't list the volser per se as a 6-byte character field, but it does have the 4-byte UCB address which is even better because with that you can find out not only volser but every else about the unit... -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On 11/18/2016 9:43 AM, Jesse 1 Robinson wrote: The fundamental difficulty of displaying/presenting the concatenation sequence goes to the heart of program fetch and DEB management in general. The mapping for a concatenation consists of a series of track extents for input I/O; VOLSER identity is not part of the map. Not sure I agree with this. The DEB extent entry doesn't list the volser per se as a 6-byte character field, but it does have the 4-byte UCB address which is even better because with that you can find out not only volser but every else about the unit... -- Edward E Jaffe Phoenix Software International, Inc 831 Parkview Drive North El Segundo, CA 90245 http://www.phoenixsoftware.com/ -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Fri, 18 Nov 2016 13:40:36 -0500, Jim Mulder wrote: >> So ... if our messages could readily say "not authorized -- check >> STEPLIB(+2)" > > So you would like OPEN, when it builds a DEB in which the >DEBAPFIN is off, to provide in some DEB extension the >concatenation number of some data set which it found to be not >APF Authorized. > > That may be a reasonable thing to submit to DFSMS as a requirement >or request or whatever we call those things now. > Absolutely. And more usefully, if such an indication existed, when a module was loaded from a catenand not marked unauthorized it could proceed with the address space authorized. (I think it's called an RFE.) "extension"? Is there today no uncommitted bit in the DEB that could be exploited for the purpose? What does the DEB entry for a Program Object library catenand look like? Jesse Robinson cited insufficient information in the DEB as reason for the limitation. Such a clear understanding of tie cause is a large initial step toward designing a solution. Another ply (which I can't find) questioned the usefulness of mixing APF/non-APF in STEPLIB. By analogy, I understand that in bygone days LINKLIST was all-or-nothing; no mixture. Some customers must have reported sufficient need for a mixed LINKLIST that IBM relieved the restriction many releases ago. Similar arguments apply to STEPLIB. More so with JCLLIB. A user may choose not to undertake the effort of maintaining authorized and unauthorized but otherwise similar STEPLIB members for the respective purposes. -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
> So ... if our messages could readily say "not authorized -- check > STEPLIB(+2)" So you would like OPEN, when it builds a DEB in which the DEBAPFIN is off, to provide in some DEB extension the concatenation number of some data set which it found to be not APF Authorized. That may be a reasonable thing to submit to DFSMS as a requirement or request or whatever we call those things now. Jim Mulder z/OS Diagnosis, Design, Development, Test IBM Corp. Poughkeepsie NY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Thanks, but you might want to read my OP. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Friday, November 18, 2016 6:44 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? There are various ways to check whether the current environment is APF authorized. For example, the TESTAUTH macro will give a return code to indicate APF or not. No abend, just yay or nay. Given how simple it is to issue D PROG,APF, I for one would object to an IBM project for returning detail info -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Fri, 18 Nov 2016 10:17:31 -0600, Paul Gilmartinwrote: >On Fri, 18 Nov 2016 07:21:20 -0600, Walt Farrell wrote: >> >>AC(1) is a setting in the directory entry for the load module, so all you >>would have to do is a BLDL and then look at the bit setting. However, unless >>the bit is off I'm not sure it helps you figure anything out. >> >Naive question: What member name do you use as argument for the BLDL? >In a different universe, I know it's argv(0). What you might use depends in part on the environment you run in, how you're invoked, how accurate you want to be, and what scenarios you want to handle. -- Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Sorry to ask, but what do you mean by volume boundaries are no longer available? We have a process that goes from DEB to DSSB and then it copies both the dataset name at offset 24 and the volser at offset 256 of the DSSB. Regards, Leo -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Jesse 1 Robinson Sent: Friday, November 18, 2016 12:44 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? There are various ways to check whether the current environment is APF authorized. For example, the TESTAUTH macro will give a return code to indicate APF or not. No abend, just yay or nay. Given how simple it is to issue D PROG,APF, I for one would object to an IBM project for returning detail info to a running program. APF authorization does not come or go willy-nilly. Once a process is established in production, nothing should change. If something does change, it should not take long to figure out what. (Who and why is a whole nother can of worms.) Also note at AC(1) is not required for every APF program. Only the first program--PGM=xx--in a chain needs to be marked AC(1). IBM has always recommended that *only* the first program in a call chain be marked AC(1). The others should be AC(0). The fundamental difficulty of displaying/presenting the concatenation sequence goes to the heart of program fetch and DEB management in general. The mapping for a concatenation consists of a series of track extents for input I/O; VOLSER identity is not part of the map. The APF indication is set--or unset--as each library is opened. Once the DEB is built, volume boundaries are no longer available. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Friday, November 18, 2016 9:11 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? Thanks all ... Various responses: - I know AC(1) is not sufficient for authorization, but AC(0) is sufficient for a lack of authorization, so given my problem of "tell the customer everything that is wrong" it would be one thing you would want to tell the customer. (The least likely cause in my experience because they just install, they don't compose linkedit control cards.) - Yes, authorized on some other volume or SMS/not is a real likely possibility but if I can just tell them STEPLIB(+2) is not authorized it would be a huge step forward. - No, "check the libraries against the output from 'D PROG,APF'" is not the easiest way from within a program, and outside of a program is subject to eyeball faults. - argv[0] is available in my universe - Bin's answer is kind of what I feared. Possibly more complexity than I want to take on for what is not really a software problem. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tom Marchant Sent: Friday, November 18, 2016 5:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On Fri, 18 Nov 2016 14:26:38 +0200, Binyamin Dissen wrote: >Use the normal services (SWAREQ, RDJFCB, etc.) to get the >DSNAMES/VOLSERs of the STEPLIB libraries, and then > > CSVAPF REQUEST=QUERY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
There are various ways to check whether the current environment is APF authorized. For example, the TESTAUTH macro will give a return code to indicate APF or not. No abend, just yay or nay. Given how simple it is to issue D PROG,APF, I for one would object to an IBM project for returning detail info to a running program. APF authorization does not come or go willy-nilly. Once a process is established in production, nothing should change. If something does change, it should not take long to figure out what. (Who and why is a whole nother can of worms.) Also note at AC(1) is not required for every APF program. Only the first program--PGM=xx--in a chain needs to be marked AC(1). IBM has always recommended that *only* the first program in a call chain be marked AC(1). The others should be AC(0). The fundamental difficulty of displaying/presenting the concatenation sequence goes to the heart of program fetch and DEB management in general. The mapping for a concatenation consists of a series of track extents for input I/O; VOLSER identity is not part of the map. The APF indication is set--or unset--as each library is opened. Once the DEB is built, volume boundaries are no longer available. . . J.O.Skip Robinson Southern California Edison Company Electric Dragon Team Paddler SHARE MVS Program Co-Manager 323-715-0595 Mobile 626-302-7535 Office robin...@sce.com -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: Friday, November 18, 2016 9:11 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: (External):Re: Which STEPLIB concatenation is not authorized? Thanks all ... Various responses: - I know AC(1) is not sufficient for authorization, but AC(0) is sufficient for a lack of authorization, so given my problem of "tell the customer everything that is wrong" it would be one thing you would want to tell the customer. (The least likely cause in my experience because they just install, they don't compose linkedit control cards.) - Yes, authorized on some other volume or SMS/not is a real likely possibility but if I can just tell them STEPLIB(+2) is not authorized it would be a huge step forward. - No, "check the libraries against the output from 'D PROG,APF'" is not the easiest way from within a program, and outside of a program is subject to eyeball faults. - argv[0] is available in my universe - Bin's answer is kind of what I feared. Possibly more complexity than I want to take on for what is not really a software problem. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tom Marchant Sent: Friday, November 18, 2016 5:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On Fri, 18 Nov 2016 14:26:38 +0200, Binyamin Dissen wrote: >Use the normal services (SWAREQ, RDJFCB, etc.) to get the >DSNAMES/VOLSERs of the STEPLIB libraries, and then > > CSVAPF REQUEST=QUERY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Thanks all ... Various responses: - I know AC(1) is not sufficient for authorization, but AC(0) is sufficient for a lack of authorization, so given my problem of "tell the customer everything that is wrong" it would be one thing you would want to tell the customer. (The least likely cause in my experience because they just install, they don't compose linkedit control cards.) - Yes, authorized on some other volume or SMS/not is a real likely possibility but if I can just tell them STEPLIB(+2) is not authorized it would be a huge step forward. - No, "check the libraries against the output from 'D PROG,APF'" is not the easiest way from within a program, and outside of a program is subject to eyeball faults. - argv[0] is available in my universe - Bin's answer is kind of what I feared. Possibly more complexity than I want to take on for what is not really a software problem. Charles -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Tom Marchant Sent: Friday, November 18, 2016 5:38 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On Fri, 18 Nov 2016 14:26:38 +0200, Binyamin Dissen wrote: >Use the normal services (SWAREQ, RDJFCB, etc.) to get the >DSNAMES/VOLSERs of the STEPLIB libraries, and then > > CSVAPF REQUEST=QUERY -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Fri, 18 Nov 2016 14:26:38 +0200, Binyamin Dissen wrote: >Use the normal services (SWAREQ, RDJFCB, etc.) to get the DSNAMES/VOLSERs of >the STEPLIB libraries, and then > > CSVAPF REQUEST=QUERY > >on each one. And if you find that the data set name is not APF authorized, you will want to report that on is not APF authorized. The same DSNAME may be authorized on a different volume. And don't forget the distinction for SMS managed volumes. Don't know how you'll determine that the volume is SMS managed. -- Tom Marchant -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Fri, 18 Nov 2016 07:21:20 -0600, Walt Farrell wrote: > >AC(1) is a setting in the directory entry for the load module, so all you >would have to do is a BLDL and then look at the bit setting. However, unless >the bit is off I'm not sure it helps you figure anything out. > Naive question: What member name do you use as argument for the BLDL? In a different universe, I know it's argv(0). -- gil -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Fri, 18 Nov 2016 13:24:01 +, Vernooij, Kees (ITOPT1) - KLMwrote: >Even so: the fact that AC(1) is on still does not mean that the library is APF >authorized and that the module will run authorized. Right. That's why I said I didn't think he could draw any conclusions unless the bit in the directory is _off_ :) -- Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Even so: the fact that AC(1) is on still does not mean that the library is APF authorized and that the module will run authorized. Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Walt Farrell Sent: 18 November, 2016 14:21 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Which STEPLIB concatenation is not authorized? On Fri, 18 Nov 2016 12:26:41 +0100, Charles Mills <charl...@mcn.org> wrote: >Even simpler question: is it possible for a program to check (only) its own >AC(1) bit?" I'm not sure I understand what you mean by "its own AC(1) bit". AC(1) is a setting in the directory entry for the load module, so all you would have to do is a BLDL and then look at the bit setting. However, unless the bit is off I'm not sure it helps you figure anything out. -- Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
On Fri, 18 Nov 2016 12:26:41 +0100, Charles Millswrote: >Even simpler question: is it possible for a program to check (only) its own >AC(1) bit?" I'm not sure I understand what you mean by "its own AC(1) bit". AC(1) is a setting in the directory entry for the load module, so all you would have to do is a BLDL and then look at the bit setting. However, unless the bit is off I'm not sure it helps you figure anything out. -- Walt -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Well, the 'easiest' way still seems to me: check the libraries against the output from 'D PROG,APF'. Kees. -Original Message- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Charles Mills Sent: 18 November, 2016 12:27 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Which STEPLIB concatenation is not authorized? While we're discussing STEPLIB concatenations and APF authorization, is there any fairly straightforward way for a running program to determine "which STEPLIB concatenation[s] made me not APF-authorized?" (I suspect I know the answer and it is No ...) I totally get the reason APF-authorization and STEPLIB concatenation is the way it is, and I am not arguing with that at all. Here's the problem. As a software vendor, on new installs we often get customers saying "your product puts out a message saying it is not authorized but we're sure we authorized the library" and it is often a painful process taking them through checking each concatenation. The dialog often turns argumentative with the customer saying "WE TOLD YOU ALL THE LIBRARIES ARE AUTHORIZED" and our support techs trying to explain that TESTAUTH says differently. Of course it always turns out to be a typo or a bad volser or SMS versus not or something like that. So far TESTAUTH has not been wrong once! So ... if our messages could readily say "not authorized -- check STEPLIB(+2)" or "not authorized -- check SYS1.FOO.LOAD" it would be a big help. Even simpler question: is it possible for a program to check (only) its own AC(1) bit?" Again, I am looking for straightforward solutions. I'm not looking to implement some huge library search process. I'm looking for something like a bit in the DEB or something like that. Charles -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286 -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
Re: Which STEPLIB concatenation is not authorized?
Use the normal services (SWAREQ, RDJFCB, etc.) to get the DSNAMES/VOLSERs of the STEPLIB libraries, and then CSVAPF REQUEST=QUERY on each one. The DEB applies to the entire DD statement. On Fri, 18 Nov 2016 12:26:41 +0100 Charles Millswrote: :>While we're discussing STEPLIB concatenations and APF authorization, is :>there any fairly straightforward way for a running program to determine :>"which STEPLIB concatenation[s] made me not APF-authorized?" (I suspect I :>know the answer and it is No ...) :> :>I totally get the reason APF-authorization and STEPLIB concatenation is the :>way it is, and I am not arguing with that at all. Here's the problem. :> :>As a software vendor, on new installs we often get customers saying "your :>product puts out a message saying it is not authorized but we're sure we :>authorized the library" and it is often a painful process taking them :>through checking each concatenation. The dialog often turns argumentative :>with the customer saying "WE TOLD YOU ALL THE LIBRARIES ARE AUTHORIZED" and :>our support techs trying to explain that TESTAUTH says differently. Of :>course it always turns out to be a typo or a bad volser or SMS versus not or :>something like that. So far TESTAUTH has not been wrong once! :>So ... if our messages could readily say "not authorized -- check :>STEPLIB(+2)" or "not authorized -- check SYS1.FOO.LOAD" it would be a big :>help. :>Even simpler question: is it possible for a program to check (only) its own :>AC(1) bit?" :>Again, I am looking for straightforward solutions. I'm not looking to :>implement some huge library search process. I'm looking for something like a :>bit in the DEB or something like that. -- Binyamin Dissen http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel Should you use the mailblocks package and expect a response from me, you should preauthorize the dissensoftware.com domain. I very rarely bother responding to challenge/response systems, especially those from irresponsible companies. -- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN