Re: S/36 Environment and Security

A difference may be seen, when the named initial program results in the signon invoking a procedure versus a program. Either way, the security will be enforced.

If INLPGM(*LIBL/ThePgm) is assigned, and there is a procedure ThePgm in *LIBL/QS36PRC, then [for a user running with SPCENV(*S36)] the procedure will be run instead of a *PGM. In that case, what authority the user has to the *PGM object *LIBL/ThePgm is moot. The library could be named versus a special value, and the same situation.

The signon processor for S36E is QEXSIGN. That program looks for a procedure name first, and then for a program by the name specified for Initial Program. This can be inferred from the following tests:

If the user is not authorized to the procedure [i.e. the procedures implementation object, the source file named QS36PRC] found by the naming specified for initial program, then the error:
SYS7293 Escape 99 10/03/07 15:20:05.744880
QEXSIGN QSSP 0D9B *EXT
Message . . . . : SYS7293 User not authorized to access QS36PRC.

If the named initial program is not found neither as a procedure nor as a program, then the error:
SYS5514 Escape 99 10/03/07 15:21:12.967984
QEXSIGN QSSP 0D9B *EXT
Message . . . . : SYS5514 Procedure CRPCMD not found.
Cause . . . . . : This procedure could not be found in the specified library, your default library, or the system library (#LIBRARY).

If the named initial program is not found as a procedure, but is found as a program to which the user has not authority, then just like the SPCENV(*NONE) user, the signon fails for lack of authority to the initial program *PGM object:
SYS7293 Escape 99 10/03/07 15:23:24.734288
QEXSIGN QSSP 0D9B *EXT
Message . . . . : SYS7293 User not authorized to access CRPCMD.
Cause . . . . . : You entered a command but you are not authorized to the object identified.

Regards, Chuck