Here's a question that I wish were hypothetical:
If a user's ACID has XA ACID(xxxxxxxx) plus FAC(TSO) and FAC(BATCH), that user can submit JCL with USER=xxxxxxxx on the JOB card and do anything that xxxxxxxx is permitted to do. In the case I have in mind, I consider this a vulnerability.
The reason for the permission—the reason I'm aware of—is that there are transactions that submit batch jobs with USER=xxxxxxxx, and whoever set this up apparently thought permitting ACID(xxxxxxxx) was the best way to set things up.
The ideal solution, it seems to me, is to rewrite the transactions to submit those jobs under the region's own authority in the first place. If I cannot persuade management to pursue that path, I want to define for them the exact limits of the exposure. So, the question:
If the ACID is missing FAC(TSO) and/or FAC(BATCH), are there other ways an ill-disposed user can make use of ACID(xxxxxxxx)? I'd like to hear y'all say "No, ACID(xxxxxxxx) is totally useless without both FAC(TSO) and FAC(BATCH)", but MVS is complicated and I won't be surprised to hear "Yes, here are some other ways ACID(xxxxxxxx) can be used...".