[prev in list] [next in list] [prev in thread] [next in thread] 

List:       racf-l
Subject:    Re: WHEN((PROGRAM)
From:       Charles Mills <charlesm () MCN ! ORG>
Date:       2017-06-30 20:50:24
Message-ID: 038801d2f1e2$8260ca90$87225fb0$ () mcn ! org
[Download RAW message or body]

Thanks, guys. Okay, I will have to read some more.

Not trying to solve any particular problem here. Or actually, was trying =
to solve and different problem and ran into PROGRAM and thought "how can =
that work?"

Charles


-----Original Message-----
From: RACF Discussion List [mailto:RACF-L@LISTSERV.UGA.EDU] On Behalf Of =
Doug Behrends
Sent: Friday, June 30, 2017 11:57 AM
To: RACF-L@LISTSERV.UGA.EDU
Subject: Re: WHEN((PROGRAM)

When specifying conditional access based on the executing program, you =
need
to provide control over who can execute that program.  You can find a
pretty good explanation here.....
 =
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.2.0/com.ibm.zos.v=
2r2.icha700/padsec.htm
<https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.2.0/com.ibm.zos.=
v2r2.icha700/padsec.htm>

Doug Behrends
Sr Professional Services Consultant

VANGUARD Integrity Professionals
Enterprise Security Software
6625 S. Eastern Avenue, Suite 100
Las Vegas, Nevada 89119

On Fri, Jun 30, 2017 at 1:11 PM, Charles Mills <charlesm@mcn.org> wrote:

> Am I missing something? Suppose a RACF administrator grants access to =
some
> resource WHEN(PROGRAM(IKJPZ123)). That *looks* like only one program =
has
> access to the resource, but in fact couldn't any halfway skilled =
programmer
> (otherwise permitted to the resource) write a program, store it in his =
own
> load library as IKJPZ123, and access the resource that way? Or in my
> extensive RACF ignorance am I missing something?
>
>
>
> Charles
>
>
>
[prev in list] [next in list] [prev in thread] [next in thread]