For decades, the IBM standard initiator has used a special form of ATTACH to allow Authorized programs to execute via JCL. The replacement JCL and Clist language I invented (Jol - see www.Oscar-Jol.com) and a more recent set of programs I wrote to allow Long Parms (3,000 characters) and Symbolic Parameters to be used in Control Cards (CBT Tape number 839) used the same ATTACH as the IBM Initiator uses. Thus properly Authorized can execute Authorized, and non-Aithorized can't do Authorized things.
Jol was used by Amoco (USA) for decades, as well as Shell Oil, Air New Zealand and many other companies without a problem using this special form of ATTACH. You might find it would save time to look at the Source Code and duplicate it, or use one of my programs as is to execute Authorised Programs with Long Parmeters, or with control cards created via standard Symbolic Parameters. Or use Jol itself. See CBT Tape number 839. http://www.cbttape.org/ftp/cbt/CBT839.zip Clement Clarke Scott Ford wrote: John, I agree , I understand from a system integrity point of view why going from ac(0) to ac(1) is dangerous and understand why the customers ask the questions, boy do I... On Monday, March 16, 2015, John McKown wrote: Why stay in key 0? You could use another key in1..7 and most system services will work. But you will need to be careful in updating storage. You could use something like MVCDK to move bytes from location to location. But use of register to storage is going to be a problem. I'm not really suggesting that you do either. But I don't have a _simple_ solution for you either. On Mar 16, 2015 5:31 PM, "Charles Mills" wrote: I don't really know but my logic goes like this: You can only turn JCSBAUTH back on if you are key 0, otherwise you will S0C4. So you could set key 0, and then turn JSCBAUTH off, "do stuff," and then turn it back on again -- but if you are going to run for any length of time "doing stuff" in key 0 you might just as well leave JSCBAUTH on, and if on the other hand you are going to go to user key, you are stuck there once you turn JSCBAUTH off. Does that make sense? Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected] ] On Behalf Of Scott Ford Sent: Monday, March 16, 2015 3:20 PM To: [email protected] Subject: Re: IEBCOPYO (was: APF-authorized ...) I have a related question to this very informative thread. Inside a long running task, i.e.; stc can you turn off APF authorization and turn back on ? Btw I have customers asked about this. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
