ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
z/OS System REXX Security.
Article ID: 19496
Updated On:
Products
Cleanup
Datacom
DATACOM - AD
CIS
COMMON SERVICES FOR Z/OS
90S SERVICES
DATABASE MANAGEMENT SOLUTIONS FOR DB2 FOR Z/OS
COMMON PRODUCT SERVICES COMPONENT
Common Services
CA ECOMETER SERVER COMPONENT FOC
EASYTRIEVE REPORT GENERATOR FOR COMMON SERVICES
INFOCAI MAINTENANCE
IPC
UNICENTER JCLCHECK COMMON COMPONENT
Mainframe VM Product Manager
CHORUS SOFTWARE MANAGER
CA ON DEMAND PORTAL
CA Service Desk Manager - Unified Self Service
PAM CLIENT FOR LINUX ON MAINFRAME
MAINFRAME CONNECTOR FOR LINUX ON MAINFRAME
GRAPHICAL MANAGEMENT INTERFACE
WEB ADMINISTRATOR FOR TOP SECRET
Xpertware
Top Secret
Top Secret - LDAP
Top Secret - VSE
Issue/Introduction
Description:
Why is acid *BYPASS* assigned to AXR STC when programs IEEPRWI2 or IEEVSTAR are in control?
Solution:
Module IEEPRWI2 is the Started Task Control routine.
This module is attached by Region Control Task (rct) and first of all executes a RACROUTE macro with some special attributes.
These attributes identifies the address space as a 'system address space'.
A system address space should use a powerful acid that has full access to everything and the security product CA-Top Secret. It builds a dummy acid and ANY accesses done by this Acid should be allowed without any rule validation. This is why the BYPASS Acid appears in TSSUTIL when IEEPRWI2 is in control.
Environment
Release: TOPSEC00200-15-Top Secret-Security
Component:
Component:
Feedback
Yes
No
Powered by
