NetView for z/OS, Version 5.4
Unless you restrict command authorization by source ID, it is difficult to protect commands that are routed. For example, if you protect the CLOSE command as a keyword of the EXCMD command, then the CLOSE command is not protected at the target ID if an operator routes the CLOSE command using EXCMD OPER1, CMD CLOSE, unless CMD is also protected as a keyword of EXCMD.
Using the source ID, the command is checked for authorization against the ID closest to the command source, as defined in Table 4. Using target ID, the command is checked for authorization against the ID running the command, checking the routed command as a keyword.
The SOURCEID of a command is determined by the command and the environment under which it is issued. In some cases, a command flowing through a single NetView® program can pass through more than two tasks. In those cases, any intermediate tasks pass along the originating user ID as the SOURCEID. For example, OPER1 issues:
EXCMD AUTO2 AT 12:00:00,PPT,AUTOTBL MEMBER=DSITBL01
As the AUTO2 task processes the AT command, it does not become the original issuer but recognizes that OPER1 is the existing SOURCEID. Therefore, when the AUTOTBL command runs under the PPT, the SOURCEID used for authority checking is OPER1.
The NetView timer commands (AFTER, AT, CHRON, and EVERY) can be used to issue commands that are run by the PPT task. These commands are examples of authorization checking using the command source ID. Unless you restrict command authorization by source ID, or restrict the PPT keyword on timer commands, you cannot protect specific commands routed to the PPT task, because the PPT task is not subject to command security.
As you consider migration from a prior release of the NetView program, be aware that the NetView initialization default has changed to use SOURCEID authority checking. You might want to consider using TARGETID authority checking until you are sure that the various sources of commands are authorized. Remember that command lists can contain timer commands and other embedded commands such as EXCMD commands. When you switch to SOURCEID, all sources must then be authorized before commands can process successfully.
[ Top of Page | Previous Page | Next Page | Contents ]