Security and VLS Libraries
search cancel

Security and VLS Libraries

book

Article ID: 27955

calendar_today

Updated On:

Products

Datacom DATACOM - AD Datacom/AD Datacom/DB

Issue/Introduction

What access should we give the users when accessing ADRLIB, ADRPNL and ADROUT?

Resolution

VLSUTIL and the VLS service routines used by other products always open the libraries for UPDATE. This is because member and library access is date/time stamped in the index of the library. Sites using a security package to control access, who want to restrict who can update a VLS library, will not want to grant UPDATE access at the library level. Top Secret allows a restricted form of UPDATE that will be useful for these situations:

TSS PERMIT(acids) DSN(vlsfile.dsname) -
PRIVPGM(IDBATCH IDUTSTRN IDUTOTRN IDUTILTY VLSUTIL) -
LIB(ideal.loadlib.dsname) ACCESS(UPDATE)

This restricts update accesses of the VLS file to those performed through the programs named in PRIVPGM. Any attempt to overwrite a VLS library with IEBGENER, for example, would be prevented.

The ACF2 equivalent is quite similar:
$KEY(hlq)

  rest.of.dsn UID(user UID string) PGM(IDBATCH) LIB(ideal.loadlib.dsname) W(A) R(A)

  rest.of.dsn UID(user UID string) PGM(IDUTSTRN) LIB(ideal.loadlib.dsname) W(A)R(A)

  rest.of.dsn UID(user UID string) PGM(IDUTOTRN) LIB(ideal.loadlib.dsname) W(A)R(A)

  rest.of.dsn UID(user UID string) PGM(IDUTILTY) LIB(ideal.loadlib.dsname) W(A) R(A)

  rest.of.dsn UID(user UID string) PGM(VLSUTIL) LIB(ideal.loadlib.dsname) W(A) R(A)

Powered by Wolken Software