Tommy Tsui wrote:
Hi all,
As we all know, we can use IKJTSOXX to control the AUTHCMD includes the
altuse, deluser and listuser command but cannot control their own user.
For
example, ID ZXXX01 can issue command to altuser their own ZXXX01 ID
information. How to control it excpet protect the PGM=IKJEFT01....
Use RACF - this is the tool for access control.
How to do it: IMHO the simplest method is to protect ALU command in
PROGRAM class:
RDEF PROGRAM ALU ADDMEM(probably SYS1.LINKLIB) UACC(NONE)
RDEF PROGRAM ALTUSER ADDMEM(the same) UACC(NONE)
PE ALU CLASS(PROGRAM) ID(RACF admin GRP) ACC(READ)
Works like a charm
Caution: you should have program checking active, SETR WHEN(PROGRAM) in
effect, it is *wrong way* to issue SETR CLASSACT(PROGRAM). The last
command is irrelevant, does not cause any effect.
HTH
--
Radoslaw Skorupka
Lodz, Poland
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
