On Tue, 16 May 2017 14:09:49 +0700, Robin Atwood <abend...@gmail.com> wrote:
>Thanks to everyone for replying, I would never realised you had to flip >JSCBAUTH from the macro documentation. >The actual business requirement is that we run Rexx execs that call ISPF >services on behalf of workstation users >running an IDE. The STC doing this must run authorised because it >communicates with a comms task via cross-memory services. So we will have >control over what gets executed. This is still very much an experiment, I am >not sure it will actually work. Technically, for the communication you've described, only the comms task would have to run authorized. The STC could run unauthorized, using mechanisms setup by the authorized comms task. However, as you're running work on behalf of various end-users, I hope you're authenticating those users and running the work under the proper end-user identity in each case. And that would probably require authorization of the STC. It is a very tricky situation to manage properly and without introducing either system integrity or security issues. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
