Hi everybody
I've recently found out that its a severe error in the code for OnDemand z/OS V9.5.0.7, when using RACF-checking for Application group authorization.
Let me try to explain:
A) You have a folder(TEST1) that have 2 Application Group( APG A(agid 5100) and APG B(agid 5110))
Now the PERMEXIT only checks for authorization on APG A, because it has the lowest agid, the exit is called 2 times, but both times the Application name supplied to the exit is A both times.
B)You have a folder(TEST2) that have 3 Application Group( APG X(agid 5050) ,APG A(agid 5100) and APG B(agid 5110))
Now the PERMEXIT only checks for authorization on APG X, because it has the lowest agid, the exit is called 3 times, but All times the Application name supplied to the exit is X.
So this means that if the user is authorized to only APG A, then he can't !! open folder TEST2 !!
And when opening folder TEST1, he can see APG A and APG B, although he's not authorized to that , he's only athorized to APG A!!
@Ed: I've opened PMR00540,160,846 for this
/H Carlberg