
Why do VLS files need UPDATE authority running VLSUTIL LIBRARY?


Article ID: 190580


Products

Ideal IPC

Issue/Introduction

How can VLS files be protected when PGM=VLSUTIL seems to require that individuals have UPDATE access just to perform a LIBRARY command?

  LIBRARY

e.g., TSS7227E UPDATE Access Not Granted to Dataset VLS data set name

Environment

Release : 15.1

Component : CA IDEAL

Cause

Both VLSUTIL and the VLS service routines used by other products always open the libraries for UPDATE.
This is because member and library access is date/timestamped in the index of the library.

Resolution

Sites that use a security package to control access and want to restrict who can update a VLS library will not want to grant UPDATE access at the library level.
Top Secret allows a restricted form of UPDATE that is useful in these situations:

TSS PERMIT(acids) DSN(vlsfile.dsname) -
PRIVPGM(IDBATCH IDUTSTRN IDUTOTRN IDUTILTY VLSUTIL DFHSIP ) -
LIB(ideal.loadlib.dsname) ACCESS(UPDATE)

This restricts UPDATE access to the VLS file to access performed through the programs named in PRIVPGM.
Any attempt to overwrite a VLS library with IEBGENER, for example, would be prevented.