Sort of We run LOGON=AUTO but have OPERCMDS restricted so that the only commands that can be issued without a (user) logon are display and control commands (K E,1 etc)
We also use automation to perform an unconditional LOGOFF 15 minutes after a LOGON (timer reset with next LOGON). Not exactly an inactivity timeout (I could be actively issuing commands for 15 minutes and the LOGOFF will still happen). A PITA at times but that's rare. Even in a controlled access area there are still 'unauthorized' personnel wandering around (cleaning crew, electricians, security guards, distributed systems folks, maintenance crew, etc.). Generally trustworthy to keep their mitts off the consoles but I wouldn't bet my job on it. We've had no major issues with the requirement other than the expected bit of grumbling at the start. I only wish you could logon to more than one system in a plex at the same time (there was a thread about this earlier). -----Original Message----- Pommier, Rex R. Hi List, Quick question. Do you require your operations staff to log onto the z/OS consoles? Our auditors are claiming this is "industry standard" and so we need to be doing it, even though our consoles are all behind locked doors. Thanks. Rex ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html