>If the user has given you a data set name and asked you to operate on it, 
and he does not have the proper authority, then it is most appropriate to 
have the violation occur.<

Not in this case, IMO.

The violations are occurring as a result of a text string scan across all 
members of a production source code library in CA's Panvalet format. The 
library contains hundreds of members, but a handful of them have 
UACC=NONE. Here's how: Panvalet supports *member-level* security. We 
create RACF "pseudo-profiles" that contain the member name as the last 
qualifier, and if we wish to read-protect a member, we set that profile to have 
UACC=NONE. A Panvalet security exit constructs the pseudo-profile name, and 
invokes RACROUTE to see if read access to the member is permitted or not.

Under normal circumstances, if the security exit detects a violation of any 
kind, we want to know about it. But if a programmer issues a text scan of the 
entire library, he/she typically has no need or intention of scanning the 
handful of read-protected members. He's just looking for all occurrences of a 
variable name in the source code library (for example). The problem is that 
there's no easy way to instruct the scanning program to skip the read-protected 
members. So the programmer gets a meaningless violation for each 
read-protected member in the library.

In my view, this ought to be an acceptable use of LOG=NONE. If the 
programmer isn't allowed to view the member, the security exit won't let it be 
scanned. The members are secure. Why record endless violations that are 
essentially noise, and might mask an actual hacking attempt?

David

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
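
The trade-off argued in the message above, as an added example that is not part of the original post and is not RACF or Panvalet code: a Python model of the exit's check in which a library-wide scan suppresses violation logging while an explicit single-member read still logs. The library name, member names, user IDs, pseudo-profile layout and the UACC-only decision are constructed assumptions.

```python
# Model only: mimics the decision flow described in the post, not a real RACROUTE call.
LIBRARY = "PROD.PANLIB"                      # hypothetical library high-level name
PROFILES = {                                 # constructed pseudo-profiles -> UACC
    "PROD.PANLIB.PAYROLL1": "NONE",
    "PROD.PANLIB.PAYROLL2": "NONE",
}
DEFAULT_UACC = "READ"                        # assumption: other members are readable
MEMBERS = ["INVOICE1", "PAYROLL1", "LEDGER01", "PAYROLL2", "REPORT07"]
SOURCE = {m: "MOVE CUST-ID TO WS-ID" for m in MEMBERS}   # constructed member text


def security_exit(user, member, audit, log="ASIS"):
    """Build the pseudo-profile name (member as last qualifier) and check READ.

    log="ASIS" records a violation on failure; log="NONE" denies silently.
    Access lists are ignored here; only UACC is modelled.
    """
    profile = f"{LIBRARY}.{member}"
    permitted = PROFILES.get(profile, DEFAULT_UACC) != "NONE"
    if not permitted and log == "ASIS":
        audit.append((user, profile, "READ", "VIOLATION"))
    return permitted


def scan_library(user, needle, audit, scan_log):
    """Text scan across every member; protected members are skipped either way."""
    return [m for m in MEMBERS
            if security_exit(user, m, audit, log=scan_log) and needle in SOURCE[m]]


def read_member(user, member, audit):
    """Explicit request for one member: a denial here is always logged."""
    if security_exit(user, member, audit, log="ASIS"):
        return SOURCE[member]
    return None


def run(scan_log):
    """One programmer scans the library, another directly requests a protected member."""
    audit = []
    hits = scan_library("PGMR01", "CUST-ID", audit, scan_log)
    read_member("PGMR02", "PAYROLL1", audit)
    return hits, audit


if __name__ == "__main__":
    for mode in ("ASIS", "NONE"):
        hits, audit = run(mode)
        print(mode, hits, audit)
```

In both modes the scan returns the same members and never reads the protected ones; only the audit trail differs, and with scan logging suppressed the one remaining record is the direct request.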
