Hi:
Based on this explanation:
I need to allow or deny specific JCL parameters based on the job
name, *not* on the user id
could you use the batch JOB name as a LOGONID. That is, define each JOB
name to ACF2 as a LOGONID (or, one LOGONID per each set of JOB names of
a certain pattern).
In listserv%200901260812374232.0...@bama.ua.edu, on 01/26/2009
at 08:12 AM, Mark Zelden mark.zel...@zurichna.com said:
But I think there are much better ways of handling this.
I don't have the authority to change existing shop standards.
Some of those suggestions have already been given.
If
In listserv%200901261716349266.0...@bama.ua.edu, on 01/26/2009
at 05:16 PM, Andy Wood woo...@ozemail.com.au said:
Without a better understanding of what you are trying to do
As I wrote in my original message, I'm trying to get hard coded tests of
specific substrings of the job name, used to
In listserv%200901261324322136.0...@bama.ua.edu, on 01/26/2009
at 01:24 PM, Joe D'Alessandro joseph.d'alessan...@fiserv.com said:
So what we are discussing is a varying UID string presented to ACF2 for
adjudication: a possible different UID when the LID's running JOBA vs.
JOBB.
Yes.
In the
In listserv%200901261355380886.0...@bama.ua.edu, on 01/26/2009
at 01:55 PM, Mark Zelden mark.zel...@zurichna.com said:
Even if it is possible, I don't like the idea
I don't like the idea either, but I like the idea of having to edit,
assemble, link and activate IEFUJV every time the rules
In listserv%200901261212505905.0...@bama.ua.edu, on 01/26/2009
at 12:12 PM, Joe D'Alessandro joseph.d'alessan...@fiserv.com said:
Is there already an eight byte empty /unused area in the UID now between
FUNCTION and LOGONID?
No.
If you add a field to the UID (and expand it, rather than
.
Cheers
Wolfgang Schäfer
- Original Message -
From: Shmuel Metz (Seymour J.) shmuel+ibm-m...@patriot.net
Newsgroups: bit.listserv.ibm-main
To: IBM-MAIN@BAMA.UA.EDU
Sent: Tuesday, January 27, 2009 12:27 PM
Subject: Re: ACF2: populating UID string from job name?
In 497d923c.cee3.003
Shmuel Metz (Seymour J.) wrote:
In listserv%200901261716349266.0...@bama.ua.edu, on 01/26/2009
at 05:16 PM, Andy Wood woo...@ozemail.com.au said:
Without a better understanding of what you are trying to do
As I wrote in my original message, I'm trying to get hard coded tests of
specific
In 497d923c.cee3.003...@edfund.org, on 01/26/2009
at 10:36 AM, Natarajan Mohan nmo...@edfund.org said:
Instead consider defining a resource class ex. JOBNAME and issue RACROUTE
AUTH to the class JOBNAME with ATTR(READ).
That wouldn't do what I'm trying to do. I need to allow or deny specific
On Tue, 27 Jan 2009 06:34:07 -0500, Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
In listserv%200901260812374232.0...@bama.ua.edu, on 01/26/2009
at 08:12 AM, Mark Zelden mark.zel...@zurichna.com said:
But I think there are much better ways of handling this.
I don't have the
On Tue, 27 Jan 2009 06:42:48 -0500, Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
In listserv%200901261355380886.0...@bama.ua.edu, on 01/26/2009
at 01:55 PM, Mark Zelden mark.zel...@zurichna.com said:
Even if it is possible, I don't like the idea
I don't like the idea either,
On Tue, 27 Jan 2009 06:36:26 -0500, Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
In listserv%200901261212505905.0...@bama.ua.edu, on 01/26/2009
at 12:12 PM, Joe D'Alessandro joseph.d'alessan...@fiserv.com said:
Is there already an eight byte empty /unused area in the UID now
In listserv%200901220757028624.0...@bama.ua.edu, on 01/22/2009
at 07:57 AM, Mark Zelden mark.zel...@zurichna.com said:
I think the answer is no, but I'm not sure I understand what you are
trying to do.
Security rules that mask against the job name, in place of current code in
IEFUJV.
The
In listserv%200901221733125649.0...@bama.ua.edu, on 01/22/2009
at 05:33 PM, Andy Wood woo...@ozemail.com.au said:
Can't you just issue a SAF AUTH call with an ENTITY containing whatever
it is you want to check?
No. In order to do that the job name would have to be part of the UID
string.
--
On Mon, 26 Jan 2009 06:25:31 -0500, Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
So are you proposing that your UID string look something like this (of
course this is a made up example):
FieldLen
--- --
DIVISION 2 static
DEPARTMENT 3 static
Hi:
Just to clarify: I believe the lengths of these fields are static. And the
LID is
8 bytes long in the delivered product. Some of us have 8 bytes LIDs (for CICS
or other non-TSO users). I am not sure what static meant in the chart
(values)?
In any case, we are talking about a UID
On Mon, 26 Jan 2009 12:12:50 -0600, Joe D'Alessandro
joseph.d'alessan...@fiserv.com wrote:
Hi:
Just to clarify: I believe the lengths of these fields are static. And
the LID is
8 bytes long in the delivered product. Some of us have 8 bytes LIDs (for CICS
or other non-TSO users). I am not sure
Hi,
ACF2 FDR needs to be changed to accommodate any changes in UID string of LID.
Which would result in access rules being changed all over the place.
Instead consider defining a resource class ex. JOBNAME and issue RACROUTE AUTH
to the class JOBNAME with ATTR(READ).
Example to define a
Mark:
Thanks for the clarification. I had not undertood this phrase populating UID
string from the job name in that manner, as I think of the UID as being part
of
a user's identification.
So what we are discussing is a varying UID string presented to ACF2 for
adjudication: a possible
On Mon, 26 Jan 2009 13:24:32 -0600, Joe D'Alessandro
joseph.d'alessan...@fiserv.com wrote:
Mark:
Thanks for the clarification. I had not undertood this phrase populating UID
string from the job name in that manner, as I think of the UID as being
part of
a user's identification.
So what we are
On Mon, 26 Jan 2009 06:27:19 -0500, Shmuel Metz (Seymour J.) shmuel+ibm-
m...@patriot.net wrote:
Can't you just issue a SAF AUTH call with an ENTITY containing whatever
it is you want to check?
No. In order to do that the job name would have to be part of the UID
string.
Well, if you say so.
ACF2[1] authorization is done by pattern matching of rules against an
installation-defined construct called the UID string. The fields in the
UID string come from the ACF2 logon id (LID) record.
I'm dealing with an old IEFUJV that does a lot of cross checking of
different substrings of the job
On Thu, 22 Jan 2009 07:10:10 -0500, Shmuel Metz (Seymour J.)
shmuel+ibm-m...@patriot.net wrote:
ACF2[1] authorization is done by pattern matching of rules against an
installation-defined construct called the UID string. The fields in the
UID string come from the ACF2 logon id (LID) record.
I'm
- Original Message -
From: Shmuel Metz , Seymour J. shmuel+ibm-m...@patriot.net
Newsgroups: bit.listserv.ibm-main
Sent: Thursday, January 22, 2009 7:12 AM
Subject: ACF2: populating UID string from job name?
ACF2[1] authorization is done by pattern matching of rules against
I'm not sure that you want to be messing with the UID.
Can't you just issue a SAF AUTH call with an ENTITY containing whatever it is
you want to check?
That would be similar in concept to the JESJOBS SUBMIT ENTITY
SUBMIT.NODENAME.JOBNAME.USERID.
25 matches
Mail list logo
