Page 1 of 2

Locking a JCL or PDS but still executing

PostPosted: Mon Jan 02, 2012 11:11 pm
by zhinghur
Hello,

I have a very typical scenario wherein I am suppose to lock the PDS.
No matter what one cannot access/read/see the data in file by any means.

But they can execute the REX program which holds the JCL.

Is this possible ?

Thanks,
Zhinghur

Re: Locking a JCL or PDS but still executing

PostPosted: Mon Jan 02, 2012 11:38 pm
by enrico-sorichetti
I have a very typical scenario wherein I am suppose to lock the PDS.
No matter what one cannot access/read/see the data in file by any means.

But they can execute the REX program which holds the JCL.


where did You get the idea that the scenario is typical ?
why not speak to Your security support group

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 1:29 am
by zhinghur
enrico-sorichetti wrote:
I have a very typical scenario wherein I am suppose to lock the PDS.
No matter what one cannot access/read/see the data in file by any means.

But they can execute the REX program which holds the JCL.


where did You get the idea that the scenario is typical ?
why not speak to Your security support group


This solution is not possible in my case. So, is it possible other way around ?

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 1:40 am
by enrico-sorichetti
This solution is not possible in my case. So, is it possible other way around ?


what solution are You talking about ?

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 6:13 am
by Robert Sample
You need to start over and explain just what you are talking about as you have not been clear so far.

This PDS -- how is it related to the JCL? How are the PDS and JCL related to the REXX program? Why will not DISP=OLD work in your case? Why are you not asking your site security group to restrict the access to the PDS? They would typically be the ones to set the access control for any data set, including your PDS. How long are you wanting to restrict access -- while a job runs? while a program runs? a day? a year? while you work for the organization? while some other condition applies? Are you attempting to violate site security policy and want our help in doing so?

In other words, what you've posted so far leads to a lot more questions and no answers so far.

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 12:20 pm
by dick scherrer
Hello,

No matter what one cannot access/read/see the data in file by any means.

But they can execute the REX program which holds the JCL.
Which "data in file"? Whoever gave this "direction" should give no more technical directions :? I hate to think that within you IT organization this was clear to multiple people.

But they can execute the REX program which holds the JCL.
How does this relate to the "control" you appear to be looking for? What does this provide for those whould like to help?

You (or whoever presented this to you) needs to provide a much more clear explanation.

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 1:19 pm
by enrico-sorichetti
seems to me that the TS is concerned about people looking at the source of the REXX script

for load modules there is the RACF construct execute only dataset ( a bit murky to setup )
not so for the <interpreted> scripts ( CLIST or REXX )

the only way to hide the REXX source is to use the REXX compiler,
but then distributing the executables requires alternate steps in building them

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 3:17 pm
by zhinghur
Here is a clear scenario in full details

I have a jcl which is kind of tools. This jcl perform takes 2 input file and gives 2 output file.

Now, my requirements are

1. To first lock this jcl so that no users other than me can see it.
2. Trigger this JCL using a REX program.

What this rex will do or holds ?
THis rex will ask for 2 Input files and 2 output files as shown in below link.

As I have no much idea of REX I have already started another topic here,
clist-rexx/topic6906.html

3. These 2 input files names will be replaced by INPUT 1 and INPUT 2 in JCL and same for output.

Finally through Rex, the jcl gets triggered.


Thank You.

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 3:20 pm
by zhinghur
zhinghur wrote:I have a jcl which is kind of tools. This jcl perform takes 2 input file and gives 2 output file.



Sorry for bad English. What I mean here is, the jcl perform some task as per my requirement.

It use 2 input and 2 output files name.

Re: Locking a JCL or PDS but still executing

PostPosted: Tue Jan 03, 2012 7:42 pm
by enrico-sorichetti
truckload of bullshit ...
if the tool is private, then storing everything in Your <private> libraries
will ... ACCORDING TO THE SECURITY POLICIES OF YOUR ORGANIZATION
prevent anybody else from accessing them, the libraries and anything inside them

but if Your organization policy is ( as many do ) for generic users let anybody read and protect only from updates
then You are out of luck and we are just wasting time.

as I said before for such issue the best place to ask is Your security support.

no reason again to waste our time devising and advising about solutions that in the 99.99% will be rejected by the powers of Your organiuzation

if there is the business need for secrecy, Your support will be happy to provide the proper setup