we are interested in blocking isrddn for some of the users. We are trying to do it without creating a shell of our own, is there something inside isrddn that will help? What is the easiest way to do it? Thank you!
You can utilize Exit 3/4 (SELECT start and end exits). Exit 3 could be used to check for SELECT PGM(ISRDDN) and then do some sort of authorization check to see if the user is allowed to run the pgm. If not set rc=8 (or 16) to terminate the SELECT service with an authorization failure.. This would be how to do it using ISPF. There might be ways via your security software as well. A SELECT PGM(ISRDDN) will generate a LINK SVC for ISRDDN, so a hook in the LINK macro could do security checks. ISRDDN does a lot more than just the LISTALC function as can be seen by checking the tutorial. Keep in mind that ISPF is not authorized code and a "smart" programmer could write their own routines to do the same thing.