> Your confusion is due to an unfortunate use of the word "resource" in two wholly-different contexts.
> You're getting waaay off track here...

I'm confused and off track? Please do not attack me personally. I got into this discussion just to highlight the inconsistency of two arguments. In one case it was argued that any user who used a resource must need it to do their job, otherwise they would never have used it. In the other case, it's argued that all resources should be protected, and only specific authorizations given out, because accidents and bad intentions happen. The resources involved are different, but the reasons for protecting them are essentially the same.

If the business requires that a user access a specific set of resources, and no other resources, then the other resources have to be protected. If the business would like a user to access a set of resources and would like (but not require) them NOT to access other resources, then a note saying, "Please don't touch these other resources" might suffice. Each business' requirements are different.

Perhaps the originator is satisfied with a logon proc that only points Joe user to Zeke. Maybe the requestor isn't interested in the myriad methods of bypassing security, and is only interested in satisfying the immediate needs of Joe user. After all, the original request said, "I'm hoping no RACF changes will be required, except perhaps for authorization to execute the sign-on proc."

