On Tue, 23 Oct 2007 14:20:10 -0500, Ed Gould wrote: >I do not know if IBM still sells it but at one time there was a >product called PCF. It was cheap IIRC and it worked quite well. I was >responsible for it for over 20 years and I never had an issue with >it. Just to give you an idea there is a table which has all TSO >commands in it and a "level" that you must have before the command >will be executed. The level is kept in UADS (or RACF IIRC). There is >also a table that restricts where a user can allocate new datasets. a >lot of the function of it has been doled out to other products (SMS >RACF etc) but I believe this product is a lot easier to implement and >you don't have to fool around with RACF to get a clean yes/no answer >to the question "am I allowed to do this command". > >BTW PCF = Program Control Facility PCF was a joke as far as 'TSO security' was concerned. As long as you understood how TSO's command processors work and a quick understanding of PCF's working storage it can be a matter of minutes before you can build a working prototype to bypass PCF. (At least it was for me about 20 years ago.) I would not recommend it on that basis. -- Tom Schmidt Madison, WI
---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html