Post z/OS 2.3, only programs in system keys (0-7) will be able to store into common dataspaces (and CSA). Non-fetch protected system key SCOPE=COMMON data spaces (and non-fetch protected system key CSA) continue to be supported.
Jim Mulder z/OS Diagnosis, Design, Development, Test IBM Corp. Poughkeepsie NY IBM Mainframe Discussion List <[email protected]> wrote on 05/16/2018 07:56:02 AM: > From: Robin Atwood <[email protected]> > To: [email protected] > Date: 05/16/2018 11:28 AM > Subject: Re: UserKEY CSA/Dataspace scope=common Remdiation > Sent by: IBM Mainframe Discussion List <[email protected]> > > So post z/OS 2.3 only programs in system keys (0-7) will be able to access > common dataspaces? What happens if you specify FPROT=NO on DSPSERV? > > Thanks > Robin > > > -----Original Message----- > > From: IBM Mainframe Discussion List [mailto:[email protected]] On > > Behalf Of Jousma, David > > Sent: 15 May, 2018 19:57 > > To: [email protected] > > Subject: Re: UserKEY CSA/Dataspace scope=common Remdiation > > > > One more time.... All *user-key SCOPE=COMMON dataspaces. > > > > Jim Mulder > > > > Apr 5 > > > > Re: [EXTERNAL] Re: UA94606 > > VSM ALLOWUSERKEYCSA(NO) > > > > only prevents obtaining user key CSA. > > It does not prevent creating a user key CADS, or using CHANGKEY > > to change the key of subpool 247 or 248 (DREF SQA) storage to > > user key. > > > > The health check and the new SMF 30 field report all three of those > > types of security issues, and all three will be disallowed in the next > > release after z/OS 2.3. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
