Tommy Tsui wrote:
Hi all,

As we all know, we can use IKJTSOXX to control the AUTHCMD, which includes the
altuser, deluser and listuser commands, but cannot control their own user. For
example, ID ZXXX01 can issue a command to altuser their own ZXXX01 ID
information. How to control it except protect the PGM=IKJEFT01....


The only thing users can do in RACF to their own user profile is to change the name field with the ALTUSER command. Everything else requires higher authority. So, unless you are basing some security critical decisions on the contents of the NAME field in the user profile (a bad idea anyway), I can't see what the problem is that you're trying to solve.

If you want to keep users from changing their NAME fields, define a profile in class PROGRAM for the ALTUSER command and make sure you only authorize RACF administrators to the profile.
--
Ulrich Boche
SVA GmbH, Germany
IBM Premier Business Partner

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
