>If the user has given you a data set name and asked you to operate on it, and he does not have the proper authority, then it is most appropriate to have the violation occur.<
Not in this case, IMO. The violations are occurring as a result of a text string scan across all members of a production source code library in CA's Panvalet format. The library contains hundreds of members, but a handful of them have UACC=NONE.

Here's how: Panvalet supports *member-level* security. We create RACF "pseudo-profiles" that contain the member name as the last qualifier, and if we wish to read-protect a member, we set that profile to have UACC=NONE. A Panvalet security exit constructs the pseudo-profile name, and invokes RACROUTE to see if read access to the member is permitted or not.

Under normal circumstances, if the security exit detects a violation of any kind, we want to know about it. But if a programmer issues a text scan of the entire library, he/she typically has no need or intention of scanning the handful of read-protected members. He's just looking for all occurrences of a variable name in the source code library (for example). The problem is that there's no easy way to instruct the scanning program to skip the read-protected members. So the programmer gets a meaningless violation for each read-protected member in the library.

In my view, this ought to be an acceptable use of LOG=NONE. If the programmer isn't allowed to view the member, the security exit won't let it be scanned. The members are secure. Why record endless violations that are essentially noise, and might mask an actual hacking attempt?

David

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
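The logging distinction argued for in the message above, as an added Python model (not code from the original post, and not Panvalet or RACF code): access is denied on both paths, but only an explicit member read records a violation. The `MemberExit` class, library name, member names and user ID are constructed for illustration, and only UACC is modelled (no access lists).

```python
from dataclasses import dataclass, field

# Constructed sample data: pseudo-profile name -> UACC (all names hypothetical).
PROFILES = {
    "PROD.SOURCE.PAYROLL1": "NONE",
    "PROD.SOURCE.KEYTAB": "NONE",
}
DEFAULT_UACC = "READ"  # assumption: members with no pseudo-profile are readable


@dataclass
class MemberExit:
    """Simplified stand-in for the security exit described in the message."""
    library: str
    audit_log: list = field(default_factory=list)

    def profile_name(self, member):
        # The member name becomes the last qualifier of the pseudo-profile.
        return f"{self.library}.{member}"

    def check_read(self, user, member, log="ASIS"):
        """Stand-in for the RACROUTE check; returns True if read is permitted.

        log="NONE" suppresses the violation record but never changes the
        access decision itself.
        """
        profile = self.profile_name(member)
        allowed = PROFILES.get(profile, DEFAULT_UACC) != "NONE"
        if not allowed and log != "NONE":
            self.audit_log.append((user, profile, "READ VIOLATION"))
        return allowed

    def read_member(self, user, member):
        # Explicit request for one member: a denial is recorded.
        return self.check_read(user, member)

    def scan_library(self, user, members):
        # Library-wide text scan: protected members are skipped silently,
        # so the audit log holds only denials from explicit requests.
        return [m for m in members if self.check_read(user, m, log="NONE")]


if __name__ == "__main__":
    ex = MemberExit("PROD.SOURCE")
    print(ex.scan_library("DEVUSR1", ["MAIN01", "PAYROLL1", "UTIL02", "KEYTAB"]))
    ex.read_member("DEVUSR1", "KEYTAB")
    print(ex.audit_log)
```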