>You do not give them access to the target or distribution libraries. >That would prevent APPLY/ACCEPT.
But you would give the same people update access to the PTS and CSI? Wouldn't that just make it possible for a determined person to create or modify a PTF so that the authorized person can implement it for them? For example, it would be fairly simple for a trained person to modify SMP input for a HIPER PTF to add JCLIN and a new CSECT that replaces almost any SVC on the system. They receive it to the PTS, the systems programmer installs the modified PTF, and unknowingly implements whatever security hole the originator wants. For me, the SMP libraries are at most read only for anyone except the systems programmers. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html