On Sun, Oct 25, 2020 at 1:11 AM kekronbekron < 000002dee3fcae33-dmarc-requ...@listserv.ua.edu> wrote:
> I hope no one encourages this kind of snooping on the list. > Stinks of an attempt to police working hours. > > - KB > Meh. The first shop I worked in implemented something like that to track the use of privileged IDs that had elevated permissions to update production resources. At the time, the scope had been TSO, so I wrote some automation that would send an email to the "security operations center" if RACF IDs matching specific patterns generated an IEF125I, IEF126I, or an IEF45* message. The time frames from logon to logoff/abend needed to be justified with a change request or incident, otherwise it would be considered suspicious activity. Yes, it meant having to maintain two sets of IDs - a BAU ID for day to day work, and the privileged ID for changes or recovery support, but it satisfied someone's requirement. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN