Authorization
Use the following questions to determine current system authorization.
- What are the entries in the program properties table (PPT) that automatically bypass password protection? You can use the DSMON reports to answer this particular question.
- Which started procedures have the trusted or privileged attribute? You can use the DSMON reports to answer this particular question.
- What are the authorized libraries?
- In your PARMLIB concatentation (IEAAPFxx)? You can use the DSMON reports to answer this particular question.
- In your PARMLIB concatentation (LNKLSTxx)? You can use the DSMON reports to answer this particular question.
- In your PARMLIB concatentation (IEALPAxx)?
- In your PARMLIB concatentation (LPALSTxx)?
Note: You can find your PARMLIB concatenation with an MVS™ operator command or you can use the RACF_SENSITIVE_RESOURCES health check which reports on the concatenated PARMLIB data sets. - Other than standard IBM® programs, what programs require authorization in these libraries?
- What are the commands and programs that can be executed in the foreground as Authorized Program Facility (APF)-authorized (CSECTs IKJEFTE2 and IKJEFTE8 in module IKJEFT01 or IKJTABLS, or SYS1.PARMLIB member IKJTSO00, depending on your release of TSO)?
- Is the list of authorized programs and commands reasonable and consistent with the installation's security goals? You can use the DSMON reports to answer this particular question.
- How are changes and additions to the authorized libraries controlled? Who authorizes changes?