Re: CEEXOPT macro ..where reside ?

Thu, 14 Jul 2011 11:47:32 -0700 

On Thu, 14 Jul 2011 11:51:42 -0500, Paul Gilmartin <paulgboul...@aim.com> wrote:

>On Thu, 14 Jul 2011 11:23:23 -0500, Mark Zelden wrote:
>>
>>Education is nice, but probably TMI.   Most likely an application type if 
>>they are
>>using CEEXOPT and don't already know how to find it.   If so, there could be
>>no access to SMP/E  - especially given IBM's recent (ahem) enhancement.
>>
>Aren't the LIST and query type functions exempt from the "enhancement"?
>Or are they merely controlled by separate rules?  Can one with no special
>privilege even enter the SMP/E panels?  I suppose "need to know" comes
>into play at many sites.
>
>I can't experiment on my ID because my job requires considerable SMP/E
>privileges.  I wish merely that IBM would provide me some guidance about
>what actions I must avoid in order that I not present the much-discussed
>integrity threat.
>

I can't test either, but according to APAR IO12263 :

"The functions being controlled are all
  the SMP/E commands processed by program GIMSMP (for example,
  SET, RECEIVE, APPLY, ACCEPT, UCLIN, LIST, REPORT, etc.), the
  GIMZIP and GIMUNZIP service routines, and the GIMIAP copy
  utility invocation program."

Which includes LIST and REPORT for example.   It goes on to list some
specific functions that should be controlled "very carefully":

  "These functions, and the corresponding SAF FACILITY class resources
  that SMP/E checks, are as follows:
  
 
    Function:        Resource name:
    RECEIVE command  GIM.CMD.RECEIVE
    APPLY command    GIM.CMD.APPLY
    ACCEPT command   GIM.CMD.ACCEPT
    RESTORE command  GIM.CMD.RESTORE
    REJECT command   GIM.CMD.REJECT
    LINK command     GIM.CMD.LINK
    CLEANUP command  GIM.CMD.CLEANUP
    Program GIMZIP   GIM.PGM.GIMZIP
    Program GIMUNZIP GIM.PGM.GIMUNZIP
    Program GIMIAP   GIM.PGM.GIMIAP   "


Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS       
mailto:m...@mzelden.com                                        
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html 
Systems Programming expert at http://expertanswercenter.techtarget.com/

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

Reply via email to