Well, sure, you can write your own ESM. But that's not SAF doing anything itself.
Same applies to exits, mentioned elsewhere. As written, that graf sounds like SAF itself will do some security checking, OR you can buy an ESM and do more. On Wed, May 4, 2022 at 1:25 PM Charles Mills <charl...@mcn.org> wrote: > My impression is that it does whatever you want it to do! That is, it > either permits everything, or you get to write your own rules; write your > own ESM, essentially. You need to write the part that SAF calls, and of > course you also need to come up with some sort of administration, some way > to configure what you have written. > > Charles > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On > Behalf Of zMan > Sent: Wednesday, May 4, 2022 9:51 AM > To: IBM-MAIN@LISTSERV.UA.EDU > Subject: SAF without an ESM > > On https://www.ibm.com/docs/en/zos-basic-skills?topic=zos-what-is-saf , > IBM > says: > > > System authorization facility or SAF is an interface defined by MVS™ that > > enables programs to use system authorization services to control access > to > > resources, such as data sets and MVS commands. SAF either processes > > security authorization requests directly or works with RACF®, or other > > security product, to process them. > > > Someone on r/mainframe asks what SAF does without an ESM. I'm thinking "not > much", but the last sentence above sort of suggests otherwise--unless "SAF > either processes security authorization requests directly" means "returns > RC=0 in all cases", in which case it would be accurate but IMHO overly > vague. Thoughts? > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > -- zMan -- "I've got a mainframe and I'm not afraid to use it" ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
