We are authenticating with a distinguished name pattern that looks similar to
this (masked). Your security team should be able to provide you with the proper
name pattern for your shop.
uid={0},ou=accounts,ou=bbb,dc=yourorg,dc=com
On Wed, 9 Nov 2016 11:51:59 -0500, Tony Harminc wrote:
>On 8 November 2016 at 22:04, Jim Mulder wrote:
>> The OA50565 fix changed the TSO/E environment service to turn on PSCBJCL
>> when running in an APF authorized jobstep (i.e. when JCSBAUTH is on).
>>
On 8 November 2016 at 22:04, Jim Mulder wrote:
> The OA50565 fix changed the TSO/E environment service to turn on PSCBJCL
> when running in an APF authorized jobstep (i.e. when JCSBAUTH is on).
> IDCAMS is linked in SYS1.LINKLIB with AC(1), so an EXEC PGM=IDCAMS jobstep is
Upon further investigation of the code, APF authorization by itself is
not sufficient.
There is also an internal undocumented part of the IKJTSOEV interface which
IDCAMS uses.
There is no way to remove the environment created by IKJTSOEV (other than
job step termination). There is no
I was only trying to answer the question of how OA50565 allows this
to work for IDCAMS. I don't know if there was any "rational for
newly restricting JCL permission in a batch job". I would guess that
the original design of IKJTSOEV did not consider PSCBJCL or PSCBVMNT,
so they always were
Jim-
Thanks, so we need to apply the PTF. I will change my code to check for
PSCBJCL and only force it on if necessary.
Cheers
Robin
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On
Behalf Of Jim Mulder
Sent: 09 November 2016 10:05
To: