Gil, you mustn't think I plan to make it a habit but I think I'm going to
disagree with you on every point, here:

o Well, maybe not on the first one:  What's "TOCTTOU"?

o Access rules are indeed complicated to simulate.  But why simulate them?  Just
  ask RACROUTE and get an answer.  Mind you, a) I'm a security geek, so maybe the
  rules seem less complicated to me.  And b) I've never used RACROUTE directly;
  as a security geek I talk to RACF/ACF2/TSS through their TSO-level commands,
  so maybe RACROUTE is more difficult.

o Of course the rules are subject to change.  I can't see that that makes any
  difference, makes it any less handy to know what the rules are.  If he takes
  your advice (just try the access and report the failure), the rule may ~still~
  change; so what?

o I've never had occasion to try it in TSS or ACF2 - being a security jock, I
  always ~have~ the elevated privileges, so I'm generally unaware of how they
  behave for hoi polloi - but I know that it's possible even for regular folks
  to use the RACF commands to determine whether they have read access to a
  dataset.  I don't know about update.  This question came up in TSO-REXX back
  in 2013, and I described how to do it and saved it away in case I wanted to
  use it again.  I've sent it off-line to Mr DeChirico already; if anyone else
  wants to see it, just ask.

---
Bob Bridges, robhbrid...@gmail.com, cell 336 382-7313

/* Never miss a good chance to shut up.  -from A Cowboy's Guide to Life */

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf 
Of Paul Gilmartin
Sent: Saturday, June 13, 2020 22:09

Don't.

o There's a TOCTTOU hazard.
o The rules are probably too complicated to simulate.
I'll add:
o The rules are subject to change.
o You may need elevated privilege even to perform the check.

Better just to try the access and report any failure.

>--- On Sat, 13 Jun 2020 09:10:01 -0700 (PDT), Michael DeChirico wrote:
>>Are there any hlasm code examples on how to use RACROUTE
>>to verify a userid's access to read/write a dataset?
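Gil's TOCTTOU point, as an added illustration that is not from this thread and is not z/OS or RACROUTE code: the same check-then-use hazard on a POSIX file in C, next to the "just try the access and report the failure" alternative. The `between` hook is a hypothetical stand-in for whatever another job does inside the window, and the sample path and contents are constructed for the demo.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* The real access: open and read, reporting errno from the attempt itself. */
static int read_all(const char *path, char *buf, size_t len, int *err)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) { *err = errno; return -1; }
    ssize_t n = read(fd, buf, len - 1);
    close(fd);
    if (n < 0) { *err = errno; return -1; }
    buf[n] = '\0';
    return 0;
}

/* Check-then-use. `between` is a hypothetical hook for whatever happens in the window
   (another job deleting or re-protecting the file). 0 = ok, -1 = check refused,
   -2 = check passed but the use still failed: the TOCTTOU outcome. */
int read_with_precheck(const char *path, void (*between)(const char *),
                       char *buf, size_t len, int *err)
{
    *err = 0;
    if (access(path, R_OK) != 0) { *err = errno; return -1; } /* the check */
    if (between) between(path);            /* window the check cannot see */
    return read_all(path, buf, len, err) ? -2 : 0;
}

/* Just try it: open() is both check and use, so there is no window. */
int read_by_attempt(const char *path, char *buf, size_t len, int *err)
{
    *err = 0;
    return read_all(path, buf, len, err);
}

/* Constructed scenario: the file is removed inside the window. */
static void remove_between(const char *path) { unlink(path); }
static const char *SAMPLE = "/tmp/toctou_demo.txt"; /* constructed sample file */

/* Writes the sample, then runs the check-then-use read with the file
   vanishing mid-window. Returns -2 with *err == ENOENT. */
int demo_stale_check(int *err)
{
    char buf[32];
    FILE *f = fopen(SAMPLE, "w");
    if (!f) return -9;
    fputs("hello\n", f);
    fclose(f);
    return read_with_precheck(SAMPLE, remove_between, buf, sizeof buf, err);
}
```

The pre-check answers "yes" and the real open() still fails, which is the stale answer Gil is describing; the attempt-only version reports the error from the access that actually happened.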
