IAM (an Innovation Data Processing software product) datasets are not being secured by ACF2

Article ID: 53654

Products

ACF2, ACF2 - DB2 Option, ACF2 for zVM, ACF2 - z/OS, ACF2 - MISC, PanApt, PanAudit

Issue/Introduction

IAM (an Innovation Data Processing software product) datasets are not being secured by ACF2.

Environment

Release:
Component: ACF2MS

Resolution

Innovation Data Processing has a software product called IAM (Innovation Access Method) that serves as an alternative to VSAM. Users are able to update IAM datasets bypassing ACF2 Rules.

IAM has its own intercepts to process IAM datasets. ACF2 intercepts the standard IBM (z/OS) OPEN process. When an IAM dataset is accessed, some accesses follow a non-standard IBM OPEN code path, effectively bypassing the ACF2 intercept. IBM OPEN processing also issues a SAF (RACROUTE) call to validate dataset access. ACF2 provides an internal SAFDEF that ignores this RACROUTE call because it would be a redundant validation. This same internal SAFDEF will ignore the IAM RACROUTE call.

IAM documentation states that IAM sites using ACF2 need to insert a SAFDEF call to properly validate IAM accesses. This SAFDEF will override the internal SAFDEF for the RACROUTE calls issued by IAM, ensuring that these accesses are properly validated.

To add the required SAFDEF, issue the following from ACF command mode:

SET CONTROL(GSO)
INSERT SAFDEF.IAM MODE(GLOBAL) ID(IAM) RB(SVC019) -
       RACROUTE(REQUEST=AUTH CLASS=DATASET REQSTOR=IAMAVSOC)

To implement this change, refresh the SAFDEF records with the following operator command:

F ACF2,REFRESH(SAFDEF)