On Wed, 14 Apr 2010 09:46:01 -0500, Walt Farrell <wfarr...@us.ibm.com> 
wrote:

>What is important is that you understand that you are at risk if you do not
>carefully control who can run those SMP/E functions, and that your users who
>can run those functions must be very trusted users.  And that's why we have
>the new APAR IO12263.
>

I might point out for those who have not applied this enhancement, that the 
examples within APAR IO12263 are not complete.  Below is what they indicate 
are protected in the APAR:

<quote>
These functions, and the corresponding SAF FACILITY class 
resources that SMP/E checks, are as follows:        
                                                    
  Function:        Resource name:                   
  RECEIVE command  GIM.CMD.RECEIVE                  
  APPLY command    GIM.CMD.APPLY                    
  ACCEPT command   GIM.CMD.ACCEPT                   
  RESTORE command  GIM.CMD.RESTORE                  
  REJECT command   GIM.CMD.REJECT                   
  LINK command     GIM.CMD.LINK                     
  CLEANUP command  GIM.CMD.CLEANUP                  
  Program GIMZIP   GIM.PGM.GIMZIP                   
  Program GIMUNZIP GIM.PGM.GIMUNZIP                 
  Program GIMIAP   GIM.PGM.GIMIAP                   
</quote>

SET and REPORT also need command profiles, even though they were 
indicated earlier in the APAR.  I am sure there are others that I have not 
found yet.  From earlier in the APAR:

<quote>
The functions being controlled are all the SMP/E commands processed by
program GIMSMP (for example, SET, RECEIVE, APPLY, ACCEPT
UCLIN, LIST, REPORT, etc.), the GIMZIP and GIMUNZIP     
service routines, and the GIMIAP copy utility invocation
program.                                                
</quote>

Just a heads up for those planning on applying this enhancement that more 
will be needed.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
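
The following is an added example, not part of the original message or of APAR IO12263: it compares the two APAR excerpts quoted above, lists the commands named in the prose that have no entry in the resource table, and prints RACF definitions for them. It assumes every command follows the `GIM.CMD.<command>` pattern shown in the table, that READ access is what grants use, and that the FACILITY class is RACLISTed; the group name `SMPADMIN` is hypothetical.

```python
import re

# Resource table exactly as quoted from the APAR in the message above.
APAR_TABLE = """\
RECEIVE command  GIM.CMD.RECEIVE
APPLY command    GIM.CMD.APPLY
ACCEPT command   GIM.CMD.ACCEPT
RESTORE command  GIM.CMD.RESTORE
REJECT command   GIM.CMD.REJECT
LINK command     GIM.CMD.LINK
CLEANUP command  GIM.CMD.CLEANUP
Program GIMZIP   GIM.PGM.GIMZIP
Program GIMUNZIP GIM.PGM.GIMUNZIP
Program GIMIAP   GIM.PGM.GIMIAP
"""

# Commands the APAR prose names as controlled (second quote in the message).
APAR_PROSE_COMMANDS = ["SET", "RECEIVE", "APPLY", "ACCEPT", "UCLIN", "LIST", "REPORT"]


def listed_resources(table):
    """Return the set of GIM.* resource names present in the quoted table."""
    return set(re.findall(r"\bGIM\.(?:CMD|PGM)\.[A-Z0-9]+\b", table))


def missing_command_resources(table, commands):
    """Resources for commands named in the prose but absent from the table.

    Assumption: each command maps to GIM.CMD.<command>, as in the table.
    """
    have = listed_resources(table)
    return sorted(f"GIM.CMD.{c}" for c in commands if f"GIM.CMD.{c}" not in have)


def racf_commands(resources, group="SMPADMIN"):
    """Build RACF commands for the given resources.

    Assumptions: 'group' is a hypothetical RACF group of trusted SMP/E users,
    READ is the access level checked, and FACILITY is RACLISTed.
    """
    out = []
    for res in resources:
        out.append(f"RDEFINE FACILITY {res} UACC(NONE)")
        out.append(f"PERMIT {res} CLASS(FACILITY) ID({group}) ACCESS(READ)")
    if out:
        out.append("SETROPTS RACLIST(FACILITY) REFRESH")
    return out


if __name__ == "__main__":
    for line in racf_commands(missing_command_resources(APAR_TABLE, APAR_PROSE_COMMANDS)):
        print(line)
```
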
