On Wed, 15 Feb 2012 13:34:01 -0500, Scott Ford <scott_j_f...@yahoo.com> wrote:
>All, >I understand that authorized programs have been talked about before, buti >don't understand and I want to make sure I do before I start a design ...... > >What I want.... Long running STC .... >....................... Invoke a rexx clist performing alloc, calls to a >program >........................long running STC program is linked ac(1) > >Do i create an entry in ikjtso00 for the STC program >Do I create an entry in ikjtso00 for the clist name > >This is where I am cornfused..... The entries in IKJTSO00 are for programs (not execs or clists) that you invoke under the TSO/E TMP. So, if your STC actually has // EXEC PGM=<your-program> then there would be no reason to put <your-program> in IKJTSO00 as you are not running it under the TMP. On the other hand, if your STC has // EXEC PGM=IKJEFT01,PARM="CALL dsname(your-program)" and you want your-program to run APF-authorized, then you would need it in IKJTSO00. IF you are doing as my first example, and the STC directly invokes your program, I'd like to inquire -how- you are having your program invoke the REXX exec, though. The way you do that has critical implications for the functions that the exec can perform. -- Walt Farrell IBM STSM, z/OS Security Design ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN
