I asked IBM specifically whether the then new SAF profiles were used
while using the query functions in the SMP/E ISPF interface and their
answer was no.
Mark Jacobs
On 07/14/11 14:27, Mark Zelden wrote:
On Thu, 14 Jul 2011 11:51:42 -0500, Paul Gilmartin <[email protected]> wrote:
On Thu, 14 Jul 2011 11:23:23 -0500, Mark Zelden wrote:
Education is nice, but probably TMI. Most likely an application type if
they are using CEEXOPT and don't already know how to find it. If so, there
could be
no access to SMP/E - especially given IBM's recent (ahem) enhancement.
Aren't the LIST and query type functions exempt from the "enhancement"?
Or are they merely controlled by separate rules? Can one with no special
privilege even enter the SMP/E panels? I suppose "need to know" comes
into play at many sites.
I can't experiment on my ID because my job requires considerable SMP/E
privileges. I wish merely that IBM would provide me some guidance about
what actions I must avoid in order that I not present the much-discussed
integrity threat.
I can't test either, but according to APAR IO12263:
"The functions being controlled are all
the SMP/E commands processed by program GIMSMP (for example,
SET, RECEIVE, APPLY, ACCEPT, UCLIN, LIST, REPORT, etc.), the
GIMZIP and GIMUNZIP service routines, and the GIMIAP copy
utility invocation program."
Which includes LIST and REPORT for example. It goes on to list some
specific functions that should be controlled "very carefully":
"These functions, and the corresponding SAF FACILITY class resources
that SMP/E checks, are as follows:

Function:            Resource name:
RECEIVE command      GIM.CMD.RECEIVE
APPLY command        GIM.CMD.APPLY
ACCEPT command       GIM.CMD.ACCEPT
RESTORE command      GIM.CMD.RESTORE
REJECT command       GIM.CMD.REJECT
LINK command         GIM.CMD.LINK
CLEANUP command      GIM.CMD.CLEANUP
Program GIMZIP       GIM.PGM.GIMZIP
Program GIMUNZIP     GIM.PGM.GIMUNZIP
Program GIMIAP       GIM.PGM.GIMIAP "
Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS
mailto:[email protected]
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html
Systems Programming expert at http://expertanswercenter.techtarget.com/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
--
Mark Jacobs
Time Customer Service
Tampa, FL
----
Some people are electrifying, they light up
a room when they leave.
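
The following is an added example, not part of the original thread or of IBM's APAR text: RACF commands a security administrator could use to lock down the ten FACILITY class resources named in the quoted APAR excerpt and then review who holds them. The group name SMPEADM is hypothetical, and the READ access level, the generic GIM.** backstop profile, and a RACLISTed FACILITY class are assumptions that the thread itself does not state.

```tso
/* Assumption: generic profiles must be active for FACILITY so GIM.** works */
SETROPTS GENERIC(FACILITY)

/* Backstop: any GIM.* resource without its own profile is denied by default */
RDEFINE FACILITY GIM.** UACC(NONE)

/* The functions the APAR text says to control "very carefully" */
RDEFINE FACILITY GIM.CMD.RECEIVE  UACC(NONE)
RDEFINE FACILITY GIM.CMD.APPLY    UACC(NONE)
RDEFINE FACILITY GIM.CMD.ACCEPT   UACC(NONE)
RDEFINE FACILITY GIM.CMD.RESTORE  UACC(NONE)
RDEFINE FACILITY GIM.CMD.REJECT   UACC(NONE)
RDEFINE FACILITY GIM.CMD.LINK     UACC(NONE)
RDEFINE FACILITY GIM.CMD.CLEANUP  UACC(NONE)
RDEFINE FACILITY GIM.PGM.GIMZIP   UACC(NONE)
RDEFINE FACILITY GIM.PGM.GIMUNZIP UACC(NONE)
RDEFINE FACILITY GIM.PGM.GIMIAP   UACC(NONE)

/* Grant only the (hypothetical) SMP/E administrators group; READ assumed */
PERMIT GIM.**           CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.RECEIVE  CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.APPLY    CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.ACCEPT   CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.RESTORE  CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.REJECT   CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.LINK     CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.CMD.CLEANUP  CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.PGM.GIMZIP   CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.PGM.GIMUNZIP CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)
PERMIT GIM.PGM.GIMIAP   CLASS(FACILITY) ID(SMPEADM) ACCESS(READ)

/* Assumption: FACILITY is RACLISTed, so in-storage profiles need a refresh */
SETROPTS RACLIST(FACILITY) REFRESH

/* Review: list every GIM.* profile, then the access list of one of them */
SEARCH CLASS(FACILITY) MASK(GIM.)
RLIST FACILITY GIM.CMD.APPLY AUTHUSER
```

Because a discrete profile takes precedence over the GIM.** backstop, each of the ten resources carries its own PERMIT; commands such as LIST and REPORT fall under the backstop here and are therefore limited to the same group.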