Andrew, You may be right that IBM are trying to state something stronger. My point is that safety is a minimum requirement for an IBM recommendation. I have found several cases where IBM has specified a higher level of access than is necessary. For example, IBM states that FTP needs UID(0) to function, whereas many find this is unnecessary. So while I do not run my FTP with UID(0), I am reasonably confident it is safe to do so.
Lennie -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Andrew Rowley Sent: 21 August 2023 00:40 To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: XCFAS and TRUSTED On 21/08/2023 9:28 am, Lennie Dymoke-Bradshaw wrote: > Secondly, when IBM states that a task should be given the attribute of > Trusted, then I take it to mean that IBM is saying that the task can be > trusted that this attribute cannot be the source of an exposure for that task. I think when IBM says a task should be given trusted, it's a stronger statement than that. I take it to mean that the task should never be denied access by the security system, and any denial of access risks the stability or operation of the system. -- Andrew Rowley Black Hill Software ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN