On Wed, 6 Mar 2019 19:01:25 +0200, Steff Gladstone <steff.gladst...@gmail.com> wrote:
> >This works ok for privileged users (i.e., the subtasking and I/O logic >works fine, the COBOL I/O routine is not reintiaiized on each call, and of >course there are no RACF issues). But for non-privileged users RACF issues >the following error message just after the COBOL I/O routine is called by >the subtask:: > >ICH418I CONDITIONAL ACCESS LIST FOR DATA SET output.dataset DID NOT GRANT >AUTHORITY TO PROGRAM(S): EXEC CALL EXEC CALL > >This despite the fact that the COBOL I/O routine is executing under a >separate subtask. Again, subtasking does not provide the isolation you need. The parallel environment created by TSOEXEC (or by IKJEFTSR) is needed if you were having problems with a dirty TSO environment. Your problem with EXEC and CALL is probably that you did not define PROGRAM ** properly. And if you're going to be using a separately loaded I/O routine, as opposed to something built into your program, you'll probably want to use Enhanced Program Control (again, please read that section of the RACF Security Administrators Guide), which provides better security and restricts access to the main load module that you expect the users to execute. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
