Why do VLS files need UPDATE authority running VLSUTIL LIBRARY?
Article ID: 190580
Updated On:
Products
Ideal
IPC
Issue/Introduction
How to protect/secure VLS files when the PGM=VLSUTIL seems to require individuals have update access just to perform a Library command?
LIBRARY
e.g., TSS7227E UPDATE Access Not Granted to Dataset VLS data set name
Environment
Release : 15.1
Component : CA IDEAL
Cause
Both VLSUTIL and the VLS service routines used by other products always open the libraries for UPDATE.
This is because member and library access is date/timestamped in the index of the library.
This is because member and library access is date/timestamped in the index of the library.
Resolution
Sites using a security package to control access, who want to restrict who can update a VLS library, will not want to grant UPDATE access at the library level.
Top Secret allows a restricted form of UPDATE that will be useful for these situations:
TSS PERMIT(acids) DSN(vlsfile.dsname) -
PRIVPGM(IDBATCH IDUTSTRN IDUTOTRN IDUTILTY VLSUTIL DFHSIP ) -
LIB(ideal.loadlib.dsname) ACCESS(UPDATE)
This restricts update accesses to the VLS file to those performed through the programs named in PRIVPGM.
Any attempt to overwrite a VLS library with IEBGENER, for example, would be prevented.
Top Secret allows a restricted form of UPDATE that will be useful for these situations:
TSS PERMIT(acids) DSN(vlsfile.dsname) -
PRIVPGM(IDBATCH IDUTSTRN IDUTOTRN IDUTILTY VLSUTIL DFHSIP ) -
LIB(ideal.loadlib.dsname) ACCESS(UPDATE)
This restricts update accesses to the VLS file to those performed through the programs named in PRIVPGM.
Any attempt to overwrite a VLS library with IEBGENER, for example, would be prevented.
Feedback
Yes
No
Powered by
