My impression is that it does whatever you want it to do! That is, it either permits everything, or you get to write your own rules; write your own ESM, essentially. You need to write the part that SAF calls, and of course you also need to come up with some sort of administration, some way to configure what you have written.
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of zMan Sent: Wednesday, May 4, 2022 9:51 AM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SAF without an ESM On https://www.ibm.com/docs/en/zos-basic-skills?topic=zos-what-is-saf , IBM says: > System authorization facility or SAF is an interface defined by MVS™ that > enables programs to use system authorization services to control access to > resources, such as data sets and MVS commands. SAF either processes > security authorization requests directly or works with RACF®, or other > security product, to process them. Someone on r/mainframe asks what SAF does without an ESM. I'm thinking "not much", but the last sentence above sort of suggests otherwise--unless "SAF either processes security authorization requests directly" means "returns RC=0 in all cases", in which case it would be accurate but IMHO overly vague. Thoughts? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN