On Wed, 14 Apr 2010 09:46:01 -0500, Walt Farrell <wfarr...@us.ibm.com> wrote:
>What is important is that you understand that you are at risk if you do not
>carefully control who can run those SMP/E functions, and that your users who
>can run those functions must be very trusted users. And that's why we have
>the new APAR IO12263.
>

I might point out for those who have not applied this enhancement, that the examples within APAR IO12263 are not complete. Below is what they indicate are protected in the APAR:

<quote>
These functions, and the corresponding SAF FACILITY class
resources that SMP/E checks, are as follows:

Function:             Resource name:
RECEIVE command       GIM.CMD.RECEIVE
APPLY command         GIM.CMD.APPLY
ACCEPT command        GIM.CMD.ACCEPT
RESTORE command       GIM.CMD.RESTORE
REJECT command        GIM.CMD.REJECT
LINK command          GIM.CMD.LINK
CLEANUP command       GIM.CMD.CLEANUP
Program GIMZIP        GIM.PGM.GIMZIP
Program GIMUNZIP      GIM.PGM.GIMUNZIP
Program GIMIAP        GIM.PGM.GIMIAP
</quote>

SET and REPORT also need command profiles, even though they were indicated earlier in the APAR. I am sure there are others that I have not found yet.

From earlier in the APAR:

<quote>
The functions being controlled are all the SMP/E commands
processed by program GIMSMP (for example, SET, RECEIVE, APPLY,
ACCEPT UCLIN, LIST, REPORT, etc.), the GIMZIP and GIMUNZIP
service routines, and the GIMIAP copy utility invocation program.
</quote>

Just a heads up to those planning on applying this enhancement that more will be needed.
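An added example, not part of the original post or of the APAR text: one way to avoid chasing each command name individually is to cover the GIM.CMD and GIM.PGM prefixes with generic FACILITY profiles, so that commands missing from the APAR's table (SET, REPORT, and any others) are protected as well. The job card, the group name SMPEADM, and the READ access level are assumptions; confirm the required access level against the APAR documentation, and note that generic profile checking must already be active for the FACILITY class.

```jcl
//SMPEPROF JOB (ACCT),'SMPE FACILITY',CLASS=A,MSGCLASS=X
//* Added example: job card and group SMPEADM are constructed
//* placeholders, replace them with site values.
//*
//* RDEFINE  : generic profiles with UACC(NONE), so nobody has
//*            access to any GIM.CMD.x or GIM.PGM.x resource
//*            unless explicitly permitted.
//* PERMIT   : grants the trusted SMP/E group access (READ is
//*            an assumption, check the APAR documentation).
//* SETROPTS : refreshes the in-storage FACILITY profiles.
//* RLIST    : shows which generic profile protects the
//*            resource for SET and for REPORT, with its
//*            access list, to confirm coverage.
//*
//RACF     EXEC PGM=IKJEFT01
//SYSTSPRT DD SYSOUT=*
//SYSTSIN  DD *
  RDEFINE FACILITY GIM.CMD.* UACC(NONE) OWNER(SMPEADM)
  RDEFINE FACILITY GIM.PGM.* UACC(NONE) OWNER(SMPEADM)
  PERMIT GIM.CMD.* CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
  PERMIT GIM.PGM.* CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
  SETROPTS RACLIST(FACILITY) REFRESH
  RLIST FACILITY GIM.CMD.SET GENERIC AUTHUSER
  RLIST FACILITY GIM.CMD.REPORT GENERIC AUTHUSER
/*
```

Sites that want different groups for different commands can still add discrete profiles such as GIM.CMD.ACCEPT alongside the generic ones, since a discrete profile takes precedence over a generic match.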