ACF2 SECURITY attribute allows insert, change, delete of any ACF2 database record. It also changes an access violation to an allow and log (assuming requester does not have authority from some other source). It is pretty powerful...

You would not be able to turn off ACF2 checking other than putting ACF2 into quiet mode. Similar to SETR NOPROTECTALL and you delete the profiles. Turning off ACF2 would require updating some system control blocks. But since you now have the ability to link into APF authorized libraries (or APF auth your own) that is also available as an option.

Schwarz, Barry A wrote:
Isn't it even a bigger problem?  The only purpose of having the authority is to 
issue the commands that require the authority.  What prevents such an 
authorized user from issuing commands that make other users privileged?  Or 
create a new user account with privileges that is not so restricted to this 
application?  Or changing the access controls on APF libraries?  Or even 
turning the security system off?

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of 
Tom Marchant
Sent: Friday, April 23, 2010 12:35 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Turning on ACF2 SECURITY Privilege through an exit . . .

On Fri, 23 Apr 2010 11:20:04 -0400, Bathmaker, Jon wrote:
We want the users to have the SECURITY privilege while they are using an
ISPF application and ONLY while they are using this app.

How do you prevent the user from using split screen to invoke
another application while your app is active?

--
Tom Marchant

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
