4. EXCEPTIONS4.3 Detailed Exception Descriptions › 03056: Unauthorized Program Use

Previous Topic: 03055: Disk Mounts Exceeded Step Standard

Next Topic: 03057: Program Resource Consumption Exceeded Limit

03056: Unauthorized Program Use

FILE:             Batch User Program Activity
SAS FILE NAME:    DETAIL.BATPGM01
SOURCE LOCATION:  prefix.MICS.USER.SOURCE.(DYSMFEXC)

SEVERITY:  Warning              (SEVERITY='W')
MANAGEMENT AREA:  Standards     (MGMTAREA='STANDARDS')

PURPOSE:  Identifies unauthorized users who have executed the
SUPERZAP Program.

RATIONALE:  SUPERZAP is an IBM Service Aid. This program can
be used to inspect/modify load modules, data in DASD data
sets, or DASD Volume Table of Contents (VTOCs).  Unauthorized
users could make modifications to programs and data,
circumventing normal security procedures.  This program could
be used to gain access to password protected data sets
through VTOC modification or penetration of the password data
set.  Even when this program is used for legitimate purposes,
there is danger that the source program or audit trail will
not be updated to reflect the change.

DEFINITION:  This exception is detected when an unauthorized
user executes the SUPERZAP program.

EXCEPTION STATEMENTS:  The SAS statements identifying the
exception situation and describing the condition are stored
in the source member named in SOURCE LOCATION and are
described below.

*
**  03056
**  UNAUTHORIZED PROGRAM USE
*;
IF (
    PROGRAM='AMASPZAP' OR PROGRAM='IMASPZAP'
    OR PROGRAM='SUPERZAP' OR PROGRAM='program-name'
   ) AND
   NOT (JOB=:'job-name')
   THEN DO;
    EXCCODE='03056'; SEVERITY='W'; MGMTAREA='STANDARDS';
    EXCDESC1='UNAUTHORIZED PROGRAM USE';
    EXCDESC2=' ';
    LINK HIT;
END;

THRESHOLD MODIFICATION:   Tailor the list of SUPERZAP program
names contained in the definition string and specify those
jobs which will be excluded from causing an exception as
follows:

    program-name - The name of the program, specified as a
       one- to eight-character alphanumeric field, must be
       enclosed in quotes as a standard SAS character
       literal.  Additional program names must be connected
       to the list with an OR.

    job-name - The name of the jobs to be used for selection,
       specified as a one- to eight-  character alphanumeric
       field, must be enclosed in quotes as a standard SAS
       character literal.  Additional job names must be
       enclosed in the parentheses and be connected to the
       list with an OR.  For all job names that do not begin
       with SYS or MAINT, the specification is:

          AND NOT(JOB=:'SYS' OR JOB=:'MAINT')

          Note that by placing a colon prior to the literal,
          the job selection will be satisfied by all job
          names having their first n digits match the string.
          For example, the test JOB=:'SYS' selects all job
          names starting with SYS.