Top Secret PRIVPGM And LIBRARY Keywords On DSN Permit

Article ID: 44054

Products

Top Secret
Top Secret - LDAP

Issue/Introduction

With dataset permits that have a PRIVPGM restriction on them, when is the LIBRARY operand required?

Environment

Release: TOPSEC00200-16-Top Secret-Security

Resolution

With OPTIONS(14) set in the Top Secret parameter file:
- The PRIVPGM can come from any library (linklist, JOBLIB, STEPLIB, TASKLIB) when no LIB() keyword is present on the permit.

Without OPTIONS(14) set in the Top Secret parameter file:
- If the PRIVPGM is not specified with LIBRARY, then the executing program must come from a library in the linklist or the link pack area (LPA). The program cannot be loaded from a library in a JOBLIB, STEPLIB, or TASKLIB. 

- If the PRIVPGM is specified with LIBRARY, then the executing program must come from the library specified in the PERMIT command function. 

- If the PRIVPGM is coming from a STEPLIB/JOBLIB/TASKLIB, and there is no LIBRARY operand on the permit, you will receive: 

TSS7231E UNAUTHORIZED JOB/STEP/TASK LIBRARY FOR DATASET 

and an 08-6A violation in the TSSUTIL report. 

- If the PRIVPGM is to be allowed from either the linklist OR a STEPLIB/JOBLIB/TASKLIB, then 2 permits are needed: 1 with the LIBRARY operand and 1 without the LIBRARY operand. For example:

TSS PERMIT(acid) DSN(data.set.name) PRIVPGM(pgm)
TSS PERMIT(acid) DSN(data.set.name) PRIVPGM(pgm) LIBRARY(steplib.dataset.name)
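The rules above can be checked against a set of permits before a job is run. The following Python model is an added example, not Broadcom or Top Secret code: the function names, the source labels (LNKLST, LPA, JOBLIB, STEPLIB, TASKLIB) and the "DENIED" result are hypothetical, and ACID and DSN matching are not modeled. It assumes a permit that carries LIBRARY requires that library whether or not OPTIONS(14) is set.

```python
import re

# Constructed sample permits, in the same shape as the article's example commands.
SAMPLE_PERMITS = [
    "TSS PERMIT(acid) DSN(data.set.name) PRIVPGM(pgm)",
    "TSS PERMIT(acid) DSN(data.set.name) PRIVPGM(pgm) LIBRARY(steplib.dataset.name)",
]

SYSTEM_SOURCES = {"LNKLST", "LPA"}                  # linklist / link pack area
PRIVATE_SOURCES = {"JOBLIB", "STEPLIB", "TASKLIB"}


def parse_permit(cmd):
    """Return {KEYWORD: value} for each KEYWORD(value) operand; LIB is folded into LIBRARY."""
    ops = {k.upper(): v for k, v in re.findall(r"(\w+)\(([^)]*)\)", cmd)}
    if "LIB" in ops:
        ops["LIBRARY"] = ops.pop("LIB")
    return ops


def permit_matches(permit, pgm, source, library, options14):
    """True when this single permit allows pgm loaded from (source, library)."""
    if permit.get("PRIVPGM", "").upper() != pgm.upper():
        return False
    lib = permit.get("LIBRARY")
    if lib is not None:
        # LIBRARY present: the program must come from that library.
        # Assumption: this holds with or without OPTIONS(14).
        return library is not None and library.upper() == lib.upper()
    if options14:
        return True                     # no LIB() keyword: any library is accepted
    return source in SYSTEM_SOURCES     # no LIBRARY: linklist or LPA only


def check_access(permits, pgm, source, library=None, options14=False):
    """Return 'ALLOWED', 'TSS7231E' (the article's message), or 'DENIED' (other mismatch)."""
    parsed = [parse_permit(p) for p in permits]
    if any(permit_matches(p, pgm, source, library, options14) for p in parsed):
        return "ALLOWED"
    no_lib_permit = any(
        p.get("PRIVPGM", "").upper() == pgm.upper() and "LIBRARY" not in p
        for p in parsed
    )
    if source in PRIVATE_SOURCES and no_lib_permit:
        return "TSS7231E"               # JOB/STEP/TASK library, permit has no LIBRARY
    return "DENIED"
```

Running it over the permits actually defined for a dataset shows which load locations are covered and which would produce the TSS7231E message and the 08-6A violation.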

Additional Information

PRIVPGM

LIBRARY