> -----Original Message----- > From: IBM Mainframe Discussion List > [mailto:ibm-m...@bama.ua.edu] On Behalf Of Rob Scott > Sent: Friday, April 16, 2010 7:51 AM > To: IBM-MAIN@bama.ua.edu > Subject: Re: Internal (program) start of an STC - MGCRE vs. ASCRE > > >>I don't think I can use a single STC because I want the STC > to service multiple users, each with their own RACF security > environment (different z/OS RACF ids). > > This is possible within z/OS and exactly why the TCBSENV > field exists. > > Rob Scott
Now that you mention it, I remember that ROSCOE did this too. Unfortunately, I don't know how to do this, and can't find documentation on it that I understand (I think this is some RACROUTE function, VERIFYX?). I do seem to understand the BPX1SEC service, which is address space oriented. Perhaps I should just "go UNIX" and use POSIX threads with the BPX1TLS (pthread_security_np) service. I don't know why, but these just seem easier to use, to me. Then again, there's the RACF callable service: IRRSIA00. Also, if I use a separate address space, I don't need to worry about deleting the ACEE. I don't know what happens when a subtask does a VERIFYX to set the TCBSENV terminates. I would like a RACF SMF records to be cut like happens with CICS on the CESN and CESF commands. I haven't seen a "Programming RACF Interfaces for Dummies" book around. Not that I'm likely to actually __do__ this. My company is very tight on CPU and likely would not approve me "doing things in order to lea! rn" anymore. Another point is the SDSF OWNER field. With different STCs, one per user, I think the SDSF OWNER would show who was "logged on" to the service via that STC. Of course, I could make the STC respond to a MODIFY command such as: F STCNAME,LIST USERS or some such. Also, the resource usage would be recorded to a specific STC, and thus user, in the SMF records cut for the STC. At least I hope the SMF records would show the "logged on" RACF id for the STC. But, if I use the MGCRE to do a START, then I'm going to put the RACF id in the start: START STCJCL.racfid or maybe use a started JOB: START STCJCL,JOBNAME=racfid. -- John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * (817)-961-6183 cell john.mck...@healthmarkets.com * www.HealthMarkets.com Confidentiality Notice: This e-mail message may contain confidential or proprietary information. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. HealthMarkets(r) is the brand name for products underwritten and issued by the insurance subsidiaries of HealthMarkets, Inc. -The Chesapeake Life Insurance Company(r), Mid-West National Life Insurance Company of TennesseeSM and The MEGA Life and Health Insurance Company.SM ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
