In <[EMAIL PROTECTED]>, on 11/22/2006
   at 08:15 AM, Denis Gäbler said:

> Could something like that be used to only allow that specific
> program access to TCP/IP?
>   PERMIT 'SYS1.TCPPARMS' CLASS(DATASET) ID(*) ACCESS(READ) WHEN(PROGRAM(TCPIPAPP))

Sure. It's enough hassle that it might induce them to rethink the
policy.

> Are there better solutions, ideas for that?

Define a group, containing all[1] users authorized to use TCP/IP. Add
that group to the access list for SYS1.TCPIP.HOSTS.SITEINFO and
SYS1.TCPPARMS.

[1] It might be large.
 
-- 
     Shmuel (Seymour J.) Metz, SysProg and JOAT
     ISO position; see <http://patriot.net/~shmuel/resume/brief.html> 
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
