I would never suggest directly turning on JSCBAUTH. If you must switch 
authorization state, relegate the code to a subtask, use RSAPF=YES and follow 
all of the documented restrictions.

--
Shmuel (Seymour J.) Metz
http://mason.gmu.edu/~smetz3
עַם יִשְׂרָאֵל חַי
נֵ֣צַח יִשְׂרָאֵ֔ל לֹ֥א יְשַׁקֵּ֖ר



________________________________________
From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> on behalf of 
Binyamin Dissen <00000662573e2c3a-dmarc-requ...@listserv.ua.edu>
Sent: Tuesday, November 19, 2024 1:13 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Program Authorization: Unauthorized programs calling Authorized


On Mon, 18 Nov 2024 16:12:02 -0600 Steve Beaver
<0000050e0c375a14-dmarc-requ...@listserv.ua.edu> wrote:

:>Seymour, I didn't disagree; however, teaching anyone how to turn on the
:>JSCBAUTH bit is stupid

If someone has authority to update APF libraries, telling him about the

           fully documented

JSCBAUTH bit is a nothing burger. You need KEY0 to do it, and if you have KEY0
you can pretty much do what you want.

Of course setting it, like setting DEBAPFIN or using TPROT to verify the key
of storage and then using KEY0 to update it, is a bad idea - there are
better ways to use granularity to provide the business need without kicking
over the barn.

--
Binyamin Dissen <bdis...@dissensoftware.com>
http://www.dissensoftware.com/

Director, Dissen Software, Bar & Grill - Israel

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
