In a recent note, Binyamin Dissen said: > Date: Fri, 18 Aug 2006 11:10:19 -0400 > > On Fri, 18 Aug 2006 15:31:55 +0100 "Perryman, Brian" <[EMAIL PROTECTED]> > wrote: > > :>I do set these with RACF now, but when the TSO signon panel comes up, they > are > displayed in these fields and can be overtyped. That's what I'm trying to > avoid. > > They will then get the message account/proc not authorized. > > Once bitten, twice shy. > Largely, that works for me.
A totally friendly implementation might not let the user overtype the field, but provide instead a pop-up selection list of logon PROCs (e.g.) authorized to the particular user. Walt F. might have some opinions on the practicality of such a design, and even the security concerns of presenting such a list to the not-yet- logged in user. And I think restricting the user's choice of login PROCs/commands is superfluous and silly. If the user chooses a PROC that tries to do something the particular user shouldn't to, RACF should prevent it. -- gil -- StorageTek INFORMATION made POWERFUL ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
