Program path access authorization allows access to resources or functions through specific programs only, called privileged programs. If a program other than a privileged one is used, the request causes a security violation.
Use program pathing to:
Examples: restrict access by program path
This example allows PROD01 to submit jobs that run under the ACID PAY10M, but only through program SCH007P, a job scheduling program:
TSS PERMIT(PROD01) ACID(PAY10M)
    PRIVPGM(SCH007P)
For program pathing to function, the issuer of the FRACHECK macro must pass the PRIVPGM name, and the program must be in the linklist if LIB= is not specified.
This example specifies the additional restriction that this ACID can only be submitted through a started task:
TSS PERMIT(PROD01) ACID(PAY10M)
    PRIVPGM(SCH007P)
    FACILITY(STC)
This example requires that PROD01 be allowed to access the STC facility through a CREATE/ADDTO FACILITY(STC) entry, as well as be authorized to access SCH007P through a TSS PERMIT PROGRAM(SCH007P) entry.
By using the PRIVPGM keyword with the LIBRARY and FACILITY keywords, you can design an ACID's access authorization so that the ACID can only access a resource through a specific program that must be loaded from a specific library, which is only accessed through a specific facility.
In this example, USER02 must load the PAYUPDAT program from the PAYROLL.PRODLIB library, through BATCH, to access the PAYROLL.MASTER data set:
TSS PERMIT(USER02) DSNAME(PAYROLL.MASTER)
    PRIVPGM(PAYUPDAT)
    LIBRARY('PAYROLL.PRODLIB')
    FACILITY(BATCH)
    ACCESS(UPDATE)
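The following added example (not part of the CA documentation or product) parses PERMIT commands in the keyword form shown above and reports which of the PRIVPGM, LIBRARY and FACILITY keywords each one leaves unspecified, as an aid when reviewing how tightly each access path is pinned. The function names, and the rule that a command starts at a line beginning with TSS, are assumptions of this example.

```python
import re

# The three PERMIT commands from this page, joined into one constructed input.
SAMPLE = """\
TSS PERMIT(PROD01) ACID(PAY10M)
    PRIVPGM(SCH007P)
TSS PERMIT(PROD01) ACID(PAY10M)
    PRIVPGM(SCH007P)
    FACILITY(STC)
TSS PERMIT(USER02) DSNAME(PAYROLL.MASTER)
    PRIVPGM(PAYUPDAT)
    LIBRARY('PAYROLL.PRODLIB')
    FACILITY(BATCH)
    ACCESS(UPDATE)
"""

# KEYWORD(value), with optional straight or typographic quotes around the value.
KEYWORD = re.compile(r"([A-Z]+)\(\s*['‘’]?([^)'‘’]*)['‘’]?\s*\)")
PATH_KEYS = ("PRIVPGM", "LIBRARY", "FACILITY")

def parse_permits(text):
    """Return one {KEYWORD: value} dict per PERMIT command.

    Assumption: a command starts at a line beginning with TSS and runs
    until the next such line, as in the listings on this page.
    """
    permits = []
    for chunk in re.split(r"(?m)^\s*TSS\s+", text):
        kw = {k: v.strip() for k, v in KEYWORD.findall(chunk)}
        if "PERMIT" in kw:
            permits.append(kw)
    return permits

def unpinned(permit):
    """Program-path keywords this PERMIT does not specify."""
    return [k for k in PATH_KEYS if k not in permit]

def review(text):
    """Return (acid, resource, privileged program, unpinned keywords) per PERMIT."""
    rows = []
    for p in parse_permits(text):
        skip = PATH_KEYS + ("PERMIT", "ACCESS")
        res = next((f"{k}({v})" for k, v in p.items() if k not in skip), None)
        rows.append((p["PERMIT"], res, p.get("PRIVPGM"), unpinned(p)))
    return rows

if __name__ == "__main__":
    for acid, res, pgm, gaps in review(SAMPLE):
        print(f"{acid:8} {str(res):24} via {pgm}: not pinned = {gaps or 'none'}")
```

Of the three commands on this page, only the USER02 permit specifies all three keywords; the two PROD01 permits leave LIBRARY unspecified, so the linklist requirement described above applies to them.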
Copyright © 2014 CA Technologies.
All rights reserved.