Charles Mills wrote:

>Thanks. That's certainly better than anything else I found.

Agreed. Chap 21 is indeed useful, but could be too technical for auditors. 

>But I would really like a formal or fairly formal *definition* of APF
>authorization.

This could be messy as I just found out. May I join you? ;-D

>Here's a way to re-phrase the question. Suppose an auditor said "show me a
>definition of APF authorization and a statement of what it means." Where
>would you point him? (No smart answers please.)

Look at Init and Tuna Ref. I quote this useful statement you can fire off at
your auditors:

'The authorized program facility (APF) allows your installation to identify
system or user programs that can use sensitive system functions.'

Another useful quote from 'Assembler Services Guide':

'The authorized program facility (APF) helps your installation protect the 
system. APF-authorized programs can access system functions that can 
affect the security and integrity of the system.'  

Failing that, research the words 'supervisor state/status', MODESET.

Another useful quote (yes, I know it is very technical), you can rewrite for
brevity, from 'Security Server RACF Security Administrator's Guide':

'Programmers Writing Authorized Applications: Programmers writing authorized 
applications (that is, APF-authorized programs) can use the RACROUTE macro 
to request security-related services,...'.

It means, being in APF status, you can do 'privileged' things.

February 25, 2003, SHARE Session Number: 2889 is also interesting, but very 
technical...

Does this help you?

Groete / Greetings
Elardus Engelbrecht

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
