SECURITY question

Discussion of the free COZBATCH utility for z/OS
Post Reply
TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am

SECURITY question

Post by TSGHOS » Tue Sep 27, 2011 4:23 am

Hello,

When using SFTP to a foreign host using a normal Z /OS Batch run i.e. to a Unix setup in another location not on our Network do we have to define the SFTP userid in RACF so it can READ the local file on the Z / OS machine to send It to the external host.

We never had to do this with FTP as the Batch Id READ the local file and had the access in RACF and passed this to the FTP Id to PUT on the foreign host.

I can understand why you have to do this an incoming transmission as that’s standard for FTP as well but not an external send.



Your advice would me appreciated.

Thanking you in advance.

Hanif

dovetail
Site Admin
Posts: 1856
Joined: Thu Jul 29, 2004 12:12 pm

Re: SECURITY question

Post by dovetail » Tue Sep 27, 2011 9:19 am

If you run a Co:Z Batch job and invoke the cozsftp client, it runs on z/OS under a z/OS userid without special privileges. The z/OS userid must have permissions to read or write any local z/OS files or datasets.

I don't see how this is different from FTP. FTP is an APF authorized program, but the job still needs RACF permissions to the z/OS files or datasets that it accesses.

TSGHOS
Posts: 20
Joined: Fri Oct 15, 2010 8:55 am

Re: SECURITY question

Post by TSGHOS » Tue Sep 27, 2011 9:51 am

Hello,

Ok,thank you for your prompt reply.

Hanif

Post Reply