View previous topic :: View next topic
|
Author |
Message |
Jagan Sachidanandam
New User
Joined: 11 Aug 2008 Posts: 14 Location: India
|
|
|
|
Hi,
In one of the CICS region we use, we are trying to protect the load modules without being modified anyone i.e. they should not new copy or use their load modules. I figured out two possible solutions, they are
1.Add a load library concatenation to the CICS job and move all the load modules required to be protected into that library. We can prevent anyone from modifying this by having RACF restrictions.
2. The other was to hold the load. But people use CECI release and they are modifying the load.
Can you please suggest me if there are any further options available to protect the load modules?
Regards
Jagan |
|
Back to top |
|
|
enrico-sorichetti
Superior Member
Joined: 14 Mar 2007 Posts: 10873 Location: italy
|
|
|
|
protecting load library from updates is/must be part of the
general security plan/standards/pratices of Your organization
( in plain words.... who does what on what using what )
do You have one ???
proper promotion strategies,
proper library concatenation
proper authorization checking on transaction
should give You what You need.
but You cannot get it from forum answers |
|
Back to top |
|
|
Jagan Sachidanandam
New User
Joined: 11 Aug 2008 Posts: 14 Location: India
|
|
|
|
Hi,
Thanks for the reply.
We do have proper promotion strategies and security procedures defined for each transaction. But the security check just verifies whether user have got access to that use that transaction or not. Currently we are planning to improve the strategy that is present and we need to protect certain load modules in the development regions. This is because we need a couple of programs to be similar in all the CICS regions we use.
Regards
Jagan |
|
Back to top |
|
|
Robert Sample
Global Moderator
Joined: 06 Jun 2008 Posts: 8696 Location: Dubuque, Iowa, USA
|
|
|
|
I haven't seen it used before but there is a program option in CEDA called USELPACOPY. It requires certain SIT values be set but would almost certainly provide what you want since the program is loaded from the Link Pack Area, not from the CICS RPL. Consult with your site CICS support person for more information and help setting up the feature. |
|
Back to top |
|
|
Jagan Sachidanandam
New User
Joined: 11 Aug 2008 Posts: 14 Location: India
|
|
|
|
Thanks Robert. I have requested the CICS team to create a separate group with all the module we require and specify the option as USELPACOPY(YESY). The one thing I am pondering now is that how and where do we copy the load modules to. In the CICS Transaction Server for OS/390 Installation Guide, it is mentioned to copy the load modules to hlq.SDFHLPA. But I couldnt find this library, I have requested the CICS team to specify the list of libraries thay use. |
|
Back to top |
|
|
Robert Sample
Global Moderator
Joined: 06 Jun 2008 Posts: 8696 Location: Dubuque, Iowa, USA
|
|
|
|
If they haven't used the USELPACOPY option before, there may not be an SDFHLPA library -- although I found we've got it so apparently it's a normal part of the installation process. The CICS support team can clarify the name they used for the library. |
|
Back to top |
|
|
Jagan Sachidanandam
New User
Joined: 11 Aug 2008 Posts: 14 Location: India
|
|
|
|
Yes Robert, The CICS team mentioned that the library name they use is hlq.LPALIB. Thanks for the help |
|
Back to top |
|
|
Robert Sample
Global Moderator
Joined: 06 Jun 2008 Posts: 8696 Location: Dubuque, Iowa, USA
|
|
|
|
Glad to be of assistance. |
|
Back to top |
|
|
parsesource
New User
Joined: 06 Feb 2006 Posts: 97
|
|
Back to top |
|
|
|