You must not have auditors. This is a security breach waiting to happen. How do you prevent someone from calling their program the same name as one in the internal table?
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Emily A. Rambo Sent: Friday, April 22, 2011 12:27 PM To: [email protected] Subject: Re: Mixing Auth and Non-Auth Modules If there's no way to get what you need without using the functions that IBM requires be authorized, here's another possibility. We had a sysprog years ago who coded a user SVC that could be called to flip the JSCBAUTH bit on or off, with a very short list of program names in an internal table that are allowed to call the user SVC. It was needed for a dynamic allocation common module (SVC99) because IBM required that the caller be authorized in order to code the WAIT FOR UNITS parameter. We were having a lot of contention with tape drives at the time (pre virtual tape days). The dynalloc module called the user SVC to get itself authorized if wait for units was requested, it issued the SVC99, then called the user SVC again to de-authorize. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html This e-mail may contain confidential or privileged information. If you think you have received this e-mail in error, please advise the sender by reply e-mail and then delete this e-mail immediately. Thank you. Aetna ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
