My guess is that the security bypass was for opening paging and swap data sets and maybe STGINDEX.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Walt Farrell <[email protected]> Sent: Monday, July 30, 2018 11:14 AM To: [email protected] Subject: Re: Security bypass on key 0 / sup state VSAM OPEN was Re: A curiosity Question On Sat, 28 Jul 2018 12:00:51 -0300, Clark Morris <[email protected]> wrote: >[Default] On 27 Jul 2018 17:41:11 -0700, in bit.listserv.ibm-main >[email protected] (Rob Schramm) wrote: > >>I am not sure.. They out those extended checks with smf 82's.. and put some >>use parameters in the asymuse. >> >>I don't like bypassing security calls.. it's just a slippery slope to >>bypassing all of it. > >Why should OPEN security checking be bypassed for VSAM and no other >access method in key 0 / supervisor state. As far as I know only the VSAM designers who made that decision decades ago would know. My guess: some system component that could not tolerate the check (at that time probably for passwords, via an operator prompt) could not tolerate the interruption, so they decided to bypass the security check. Also, there is (or was) very little usage of OPEN for VSAM files by supervisor state or key 0 programs. I found out about it many years ago while working on a customer problem report while I was in RACF Development. At that time it was undocumented. I recall that the VSAM team determined that behavior to be so old and ingrained to the processing that it could not be changed safely, for compatibility reasons if I remember correctly. But I did convince them it needed to be documented. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
