It's been many years since I've worked at an ACF2 shop so my comments must be viewed in the contexts of RACF or Top Secret, products I am familiar with. Another poster likened ACF2's security privilege as being quite powerful. That being the case, I'd recommend that you ruthlessly restrict and guard the situations where any ID performs system wide security functions. Bad things can happen if you don't.
Attempting to re-interpret your original post, it sounds like you wish for certain users to perform ACF2 administration within the limitations of a certain ISPF application but not from native TSO or ISPF. Am I closer to understanding your intent? -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bathmaker, Jon Sent: Friday, April 23, 2010 10:20 AM To: [email protected] Subject: Re: Turning on ACF2 SECURITY Privilege through an exit . . . Hi Tony, We want the users to have the SECURITY privilege while they are using an ISPF application and ONLY while they are using this app. If we grant them SECURITY using a command they will have that privilege the next time they logon to TSO, regardless of the app., and that 'would be wrong' (as Mr. Nixon said). Does this explain it ? Regards, Jon IBM Certified zSeries Technical Specialist, Senior Systems Programmer RDO Americas - Workspace Security D: 212-325-4714 M: 519-500-7927 -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Tony @ Comcast Sent: Friday, April 23, 2010 11:13 AM To: [email protected] Subject: Re: Turning on ACF2 SECURITY Privilege through an exit . . . Is this Friday humor or am I misinterpreting the question? What's the point of "losing it" after they log off. How could they possibly access anything after they log off (unless they submitted some batch jobs while logged on?). Should their batch jobs lose their authorization after EOJ? Where's my caffeine ? -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Bathmaker, Jon Sent: Friday, April 23, 2010 9:56 AM To: [email protected] Subject: Turning on ACF2 SECURITY Privilege through an exit . . . Hi All, We have a need to grant security to a class of users they log on to a specific app. We want them to lose it when they log off. Ideally there will be a nice exit somewhere where we can set the security bit in memory just after the user has logged onto the app. Thanks. Best Regards, Jon Bathmaker IBM Certified zSeries Technical Specialist, Senior Systems Programmer RDO Americas - Workspace Security D: 212-325-4714 M: 519-500-7927 ======================================================================== ==== === Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ======================================================================== ==== === ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ============================================================================ === Please access the attached hyperlink for an important electronic communications disclaimer: http://www.credit-suisse.com/legal/en/disclaimer_email_ib.html ============================================================================ === ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
