On Mon, 17 Dec 2012 10:16:06 -0800, Skip Robinson <[email protected]> wrote:
>As for the need to check SAF: if HMC provided full granularity of access >control, we wouldn't even need BCPii. We could just let all Tech Support >folks get to HMC and let him enforce the rules: allow Tech Support staff >(nearly!) full control over sandbox LPARs by name and pretty much no >control over other LPARs. We can write our own BCPii code to achieve that >goal provided that activation profiles are visible and settable. As an >aside, we don't need to modify profiles, only to select the appropriate >profile at IPL. It's my impression, Skip, that BCPii has greater security granularity than HMC has. But I have not made a detailed study of it. -- Walt ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
