OPEN was also notorious for giving a return code in R15 rather than an ABEND, leading to program checks in low storage when the program did a GET or PUT without checking whether the DCB was in fact open. SDome programmers can't even spell DCBOFLGS.
-- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List [IBM-MAIN@LISTSERV.UA.EDU] on behalf of Paul Gilmartin [0000000433f07816-dmarc-requ...@listserv.ua.edu] Sent: Sunday, June 14, 2020 5:55 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: HOW DO I VERIFY A USERID'S ACCESS TO A DATASET On Sun, 14 Jun 2020 15:51:25 -0400, Bob Bridges wrote: > >B5> Ok, so things change; I still don't see why that means one shouldn't ask. >How is partial information (that is, it'll work under most circumstances but >not under all) worse than no information at all? One can't be sure that the >logic will continue to work at some hypothetical point in the future, when the >system has changed in some way - if that were a bar to asking the question, >how would we ever write ~any~ program? > This works well if the query supports a ternary response: o Allow o Prohibit o Didn't understand (possibly syntax error) The third case might impel a redesign. What does LISTDSD reply for a syntax error, possibly a zFS path? >G4> A security jock should treat an access query with a negative reply as a >violation as serious as attempting the access and failing. > >B5> "As serious"? So you think attempting the access and failing is a serious >violation (at least to some extent)? Yet you're advocating that he do just >that. > The question was posed those years ago by a programmer afflicted with a stodgy security jock who investigated and possibly wrote up any prohibited access attempt. The questioner was seeking a process to avoid such interactions. >G2> Better just to try the access and report any failure. > >B5> Having said all of the above, I'm now reconsidering, not for security >reasons but operational. One of the main reasons I approve of people being >allowed to ask the do-I-have-access question ahead of time is to allow >controled exit from a program if the answer is negative, rather than the >program bombing. But then, you can exit in a controled manner if you try and >fail, too; you just trap the result, or check the RC, and decide then whether >to continue. In that sense there's no real advantage to asking ahead of time. > >In fact from a coding point of view it's probably simpler just to try it and >trap the result, because if you ask the question, then attempt the access, >then trap the result anyway (just in case your question wasn't answered >correctly, for any reason), your program has to do more. > In my view, OPEN was notorious for ABENDing rather than setting status in R15. I suppose that was to protect the programmer from ignoring R15. But I'd expect a programmer who did so simply to get the ABEND on the first I/O operation. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
