Authorization

Use the following questions to determine current system authorization.

1. What are the entries in the program properties table (PPT) that automatically bypass password protection? You can use the DSMON reports to answer this particular question.
2. Which started procedures have the trusted or privileged attribute? You can use the DSMON reports to answer this particular question.
3. What are the authorized libraries?
   • In your PARMLIB concatentation (IEAAPFxx)? You can use the DSMON reports to answer this particular question.
   • In your PARMLIB concatentation (LNKLSTxx)? You can use the DSMON reports to answer this particular question.
   • In your PARMLIB concatentation (IEALPAxx)?
   • In your PARMLIB concatentation (LPALSTxx)?
   Note: You can find your PARMLIB concatenation with an MVS™ operator command or you can use the RACF_SENSITIVE_RESOURCES health check which reports on the concatenated PARMLIB data sets.
4. Other than standard IBM® programs, what programs require authorization in these libraries?
5. What are the commands and programs that can be executed in the foreground as Authorized Program Facility (APF)-authorized (CSECTs IKJEFTE2 and IKJEFTE8 in module IKJEFT01 or IKJTABLS, or SYS1.PARMLIB member IKJTSO00, depending on your release of TSO)?
6. Is the list of authorized programs and commands reasonable and consistent with the installation's security goals? You can use the DSMON reports to answer this particular question.
7. How are changes and additions to the authorized libraries controlled? Who authorizes changes?