[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    =?ISO-8859-1?Q?Re=3A_Zapping_user=B4s_ACEE?=
From:       jan de decker <jan.jedsp () GMAIL ! COM>
Date:       2011-12-23 11:18:09
Message-ID: CADEq6i8bWbALdkR-U-9RuAOk0xZM2Qi+ysXCxd8d-Boi_iBBtA () mail ! gmail ! com
[Download RAW message or body]

Hi,


If you want to have access to a profile, you could write a small RACROUTE
REQUEST=AUTH (ICHRCX02) assembler exit that for example could do the
following

fields mapped by ICHRCXP macro

RCXCLASS  the class you do not want authorisation checking

RCXENORP the profile or ENTITY

RCXACEE    points to the ACEE where you can check the userid

Assume that you want to grant temporary access for your userid on a
specific profile in a class.

Check the USERID in the ACEE
Check the profile and the class
WTOR to ask access

If all well, set the return code to zero and return
Otherwise
Issue a LOAD of ICHRIX02, if it is found pass control to it

You can activate this by an IPL and dynamically by a job that in step1

Hammer the exit into place

Load your reentrant exit in CSA
Start with x'00'
map as PSA
PSA + x'10'     FLCCVT points to CVT
CVT + x'3F0'    CVTRAC points the RCVT
RCVT + x'A4'   RCVTRCXP
If this is non-zero
Set to the address of your exit

Step 2
 do what you have to do

Step 3

reset your RCVTRCXP pointer

do a LOAD of ICHRCX02
if found set the address in the RCVT, otherwise, set it to 0


Best regards,


jan

On Thu, Dec 22, 2011 at 6:08 PM, Russell D Hardgrove <hardgrov@us.ibm.com>wrote:

> John,    yes.   When this is practiced, all will become clear if it will
> WORK or not.
>
> The day the "S  H  t  F"  is  -NOT- the day to discover how or if it
> actually works.       A D/R maxim.
>
> Else why (and when) I usually get involved.   :-|
>
>
> .
> --------------------------------------------------
> Russ Hardgrove / RACF Lvl2
> IBM - z/OS  Software Service
> Dept. EC8A   Bldg. 707 - 2/F19
> Poughkeepsie, NY  12601
> hardgrov@us.ibm.com  845-435-3279
>            or  295-3279 (T/L)
> --------------------------------------------------
> "RACF: Guilty, until proven innocent !!"    RdH 2004
> "RACF, praesumitur malus donec probetur bonus"    RdH     MMX
> << Continually proving this (innocence) is not just a JOB, it's an
> -ADVENTURE-   :-b  .. >>
> ...
>
>
>
> From:
> "McKown, John" <John.McKown@HEALTHMARKETS.COM>
> To:
> RACF-L@listserv.uga.edu
> Date:
> 12/22/2011 12:02 PM
>  Subject:
> RE: Zapping user´s ACEE
>
>
>
> > -----Original Message-----
> > From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU]
> > On Behalf Of Russell D Hardgrove
> > Sent: Thursday, December 22, 2011 10:45 AM
> > To: RACF-L@LISTSERV.UGA.EDU
> > Subject: RE: Zapping user´s ACEE
> >
> > Randy,
> >
> > Yes,   But this assumes he has a certain profile in STARTED
> > class where
> > (basically)  user = proc
> >
> > Or (if still used) ICHRIN03 has a like member.
> >
> >
> > Typically THOSE constructs disallow (uses a SPECFICALLY named
> > group) PROCS
> > to be aligned with SPECIAL users.     Do not HAVE special
> > users connected
> > TO that group.
>
> Ah! but perhaps he can create a new ICHRIN03 for the OS/390 system using
> the z/OS 1.11 system. Or, at the very least, use AMASPZAP to update the
> ICHRIN03 on the OS/390 system's LINKLIB from the z/OS 1.11 system.
>
> --
> John McKown
> Systems Engineer IV
> IT
>
> Administrative Services Group
>
> HealthMarkets®
>
> 9151 Boulevard 26 . N. Richland Hills . TX 76010
> (817) 255-3225 phone .
> john.mckown@healthmarkets.com . www.HealthMarkets.com<http://www.healthmarkets.com/>
>
> Confidentiality Notice: This e-mail message may contain confidential or
> proprietary information. If you are not the intended recipient, please
> contact the sender by reply e-mail and destroy all copies of the original
> message. HealthMarkets® is the brand name for products underwritten and
> issued by the insurance subsidiaries of HealthMarkets, Inc. -The
> Chesapeake Life Insurance Company®, Mid-West National Life Insurance
> Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM
>
[prev in list] [next in list] [prev in thread] [next in thread]