z/OS System REXX Security.
Article ID: 19496
Updated On:
Products
CA Cleanup
CA Datacom
CA DATACOM - AD
CA CIS
CA Common Services for z/OS
CA 90s Services
CA Database Management Solutions for DB2 for z/OS
CA Common Product Services Component
CA Common Services
CA Datacom/AD
CA ecoMeter Server Component FOC
CA Easytrieve Report Generator for Common Services
CA Infocai Maintenance
CA IPC
Unicenter CA-JCLCheck Common Component
CA Mainframe VM Product Manager
CA Chorus Software Manager
CA On Demand Portal
CA Service Desk Manager - Unified Self Service
CA PAM Client for Linux for zSeries
CA Mainframe Connector for Linux on System z
CA Graphical Management Interface
CA Web Administrator for Top Secret
CA CA- Xpertware
CA Top Secret
CA Top Secret - LDAP
CA Top Secret - VSE
Issue/Introduction
Description:
Why is acid *BYPASS* assigned to AXR STC when programs IEEPRWI2 or IEEVSTAR are in control?
Solution:
Module IEEPRWI2 is the Started Task Control routine.
This module is attached by Region Control Task (rct) and first of all executes a RACROUTE macro with some special attributes.
These attributes identifies the address space as a 'system address space'.
A system address space should use a powerful acid that has full access to everything and the security product CA-Top Secret. It builds a dummy acid and ANY accesses done by this Acid should be allowed without any rule validation. This is why the BYPASS Acid appears in TSSUTIL when IEEPRWI2 is in control.
Environment
Release: TOPSEC00200-15-Top Secret-Security
Component:
Component:
Feedback
Yes
No
Powered by
