Then yes. I think the last time this was surveyed n RACF-L, very few shops run with it inactive.
> -----Original Message----- > From: IBM Mainframe Discussion List <[email protected]> On > Behalf Of Seymour J Metz > Sent: Monday, October 26, 2020 2:45 PM > To: [email protected] > Subject: Re: SMF to capture user login history > > And if it's inactive? > > > -- > Shmuel (Seymour J.) Metz > https://urldefense.com/v3/__http://mason.gmu.edu/*smetz3__;fg!!JmPEg > BY0HMszNaDT!6GGUMaN8Y-sqd- > iROsg5T9RjNGe6TerOX71ZS_Y9z1ADewg8U0vrHUcUyMLEnA$ > > ________________________________________ > From: IBM Mainframe Discussion List [[email protected]] on > behalf of Gibney, Dave [[email protected]] > Sent: Monday, October 26, 2020 5:35 PM > To: [email protected] > Subject: Re: SMF to capture user login history > > In general and with list of groups active, no. The only case of specific logon > group dependency I know of is the DFHSM situation Radoslaw mentioned. > > > -----Original Message----- > > From: IBM Mainframe Discussion List <[email protected]> On > > Behalf Of Seymour J Metz > > Sent: Monday, October 26, 2020 1:35 PM > > To: [email protected] > > Subject: Re: SMF to capture user login history > > > > If foo is connected to groups bar and baz, don't you get different > permissions > > with LOGON FOO GROUP(BAR) and LOGON FOO GROUP(BAZ)? > > > > > > -- > > Shmuel (Seymour J.) Metz > > > https://urldefense.com/v3/__http://mason.gmu.edu/*smetz3__;fg!!JmPEg > > > BY0HMszNaDT!6A2a7swnD99n20E9woQiB5vEDqC1oZzshsL6LOJZdhrQIdFEepZ > > i5aTQDQEx9A$ > > > > ________________________________________ > > From: IBM Mainframe Discussion List [[email protected]] on > > behalf of Allan Staller [[email protected]] > > Sent: Monday, October 26, 2020 3:03 PM > > To: [email protected] > > Subject: Re: SMF to capture user login history > > > > Classification: Internal > > > > That would require an additional longon ID with a different default > > group/grouplist. > > This is a fairly common practice. One ID for everyday use and another with > > elevated privileges when needed. > > > > HTH, > > > > -----Original Message----- > > From: IBM Mainframe Discussion List <[email protected]> On > > Behalf Of Frank Swarbrick > > Sent: Monday, October 26, 2020 1:47 PM > > To: [email protected] > > Subject: Re: SMF to capture user login history > > > > [CAUTION: This Email is from outside the Organization. Unless you trust the > > sender, Don't click links or open attachments as it may be a Phishing email, > > which can steal your Information and compromise your Computer.] > > > > Thanks. > > Looks like there is not a way to do what I was hoping for, which would allow > > for a set of default groups for a user, along with one or more groups that > > require a user to explicitly log in to use them. For example, I am a member > of > > 3 groups right now, and we must use GRPLIST because I don't have to > specify > > a particular group to have my rights for all three. I would like to have an > > additional group available to me, but only if I explicitly specify it. In > > that > case I > > would want to have the rights for all four groups. I would also want to be > > able to "log" any time I (or any user) log in to this "special access" > > fourth > > group. > > > > Sounds like I am out of luck here, but someone correct me if I'm wrong. > > > > ________________________________ > > From: IBM Mainframe Discussion List <[email protected]> on > > behalf of R.S. <[email protected]> > > Sent: Monday, October 26, 2020 11:18 AM > > To: [email protected] <[email protected]> > > Subject: Re: SMF to capture user login history > > > > Yes, obviously! > > But ...no. > > > > To explain: there is an option in RACF, called GRPLIST. Vast majority of > > installations use GRPLIST, but few use NOGRPLIST. > > > > 1. YES > > For NOGRPLIST you may belong to meny group, but only one connection at > > the time is "active" - that means you logon as Frank, FRANK1 (that's the > > password) and NETADM - that's the group. > > And you have all the authorities given to user FRANK and to group > NETADM. > > However you are member of SMSADM as well - but this group gives you no > > authorities, because only one group is taken. > > Is it stupid? Some people say it is good. Let's leave it. > > > > > > 2. NO > > In typical GRPLIST world you logon as FRANK/FRANK1 and (usually) it > doesn't > > matter what group you provide, if any. > > And you have all the authorities given to FRANK, NETADM, SMSADM and all > > other groups you are connected to. > > So, it in this case privileges are not different. > > > > Exception: there are very few, very rare cases when "current connect > group" > > is important even in GRPLIST. See ARCCATGP (DFSMShsm manual). > > However AFAIR it is enough to provide this groupname during logon. > > > > Remark: no group provided = default group. Every RACF user has default > > group assigned. And of course the user is connected to this group. > > > > HTH > > > > -- > > Radoslaw Skorupka > > Lodz, Poland > > > > > > > > > > > > > > W dniu 26.10.2020 o 17:30, Frank Swarbrick pisze: > > > Curious question. Is it possible to have a single user ID with different > > privileges depending on what group you specify when logging in (to TSO, > for > > example)? > > > > > > ________________________________ > > > From: IBM Mainframe Discussion List <[email protected]> > on > > > behalf of Seymour J Metz <[email protected]> > > > Sent: Sunday, October 25, 2020 8:05 AM > > > To: [email protected] <[email protected]> > > > Subject: Re: SMF to capture user login history > > > > > >> two sets of IDs > > > Multiple ids can be very usefull. If you have a lot of privileges and > > > write > > code that is supposed to work without those privileges, it's useful to have > > a > > bare bones userid. If you have work that requires privileges that you > > consider too dangerous for normal work, it's nice to have a more privileged > > userid and proxy permission. BTDT, GTTS. > > > > > > > > > -- > > > Shmuel (Seymour J.) Metz > > > > > > https://urldefense.com/v3/__https://apc01.safelinks.protection.outlook.co > > > m/?url=http:*2F*2Fmason.g__;JSU!!JmPEgBY0HMszNaDT!6A2a7swnD99n20 > > E9woQiB5vEDqC1oZzshsL6LOJZdhrQIdFEepZi5aR-F74EKQ$ > > > > > > mu.edu%2F~smetz3&data=04%7C01%7Callan.staller%40HCL.COM%7C0 > > eaac4d6 > > > > > > fb9245e9d75c08d879df9a98%7C189de737c93a4f5a8b686f4ca9941912%7C0%7 > > C0%7C > > > > > > 637393349175371164%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM > > DAiLCJQIjo > > > > > > iV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=ew8aS0s > > A5X7qu > > > EdwJZayOILNENkQsBhqgCYRSDOqkeQ%3D&reserved=0 > > > > > > ________________________________________ > > > From: IBM Mainframe Discussion List [[email protected]] on > > > behalf of Steve Horein [[email protected]] > > > Sent: Sunday, October 25, 2020 9:00 AM > > > To: [email protected] > > > Subject: Re: SMF to capture user login history > > > > > > On Sun, Oct 25, 2020 at 1:11 AM kekronbekron < > > > [email protected]> wrote: > > > > > >> I hope no one encourages this kind of snooping on the list. > > >> Stinks of an attempt to police working hours. > > >> > > >> - KB > > >> > > > > > > > > > ========================================================== > > ============ > > > > Jeśli nie jesteś adresatem tej wiadomości: > > > > - powiadom nas o tym w mailu zwrotnym (dziękujemy!), > > - usuń trwale tę wiadomość (i wszystkie kopie, które wydrukowałeś lub > > zapisałeś na dysku). > > Wiadomość ta może zawierać chronione prawem informacje, które może > > wykorzystać tylko adresat.Przypominamy, że każdy, kto rozpowszechnia > > (kopiuje, rozprowadza) tę wiadomość lub podejmuje podobne działania, > > narusza prawo i może podlegać karze. > > > > mBank S.A. z siedzibą w Warszawie, ul. Senatorska 18, 00-950 > > > Warszawa,https://urldefense.com/v3/__https://apc01.safelinks.protection. > > outlook.com/?url=http*3A*2F*2Fhttp://secure- > web.cisco.com/1_X1fe_pNGy17DhkOqomtknEUafaW0YUuNC- > bAR5r1ueSrjTg7hNBw4tPV7yLmcX4l9PYvoYkSQXUCqIn0CrxfmAyLUfn3UQw > w2ZcXQAfjrp8o3r9MVGG5YSZXlaM6hGi3A-3Hu4Mq- > Zd5i0aUh0YG1yqt_BbyYpV0Do64fGklCNhr0UlXOno17hSFuKF_8R8vdbTasJEpS > PWnggCs5DBeuPZ-sp1Ofh4-7OiLULuMZRUlKrXsaxEWl82znAXnUCn5P2- > yQImfN7mBGL7aRazOrcsHtU6t3D3eTx21hDofPdxkt99DPHgXidct5BiZbkqD4aJ > UpQfi23YT4mR-ZmeNPrfwd75cV0KrSaGb7E- > NS4iUd67cTv2ZecsHTONgCSnYcRhsXdHpl0uxZYwlD10Aum7rzwntyjS5w5sETJ > m60Xs8hvKPOgCSoCDKmtF1GUK/http%3A%2F%2Fwww.mbank.pl*2F& > data=04*7C01*7 > > > Callan.staller*40HCL.COM*7C0eaac4d6fb9245e9d75c08d879df9a98*7C189de > > > 737c93a4f5a8b686f4ca9941912*7C0*7C0*7C637393349175371164*7CUnknow > > > n*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha > > > WwiLCJXVCI6Mn0*3D*7C2000&sdata=316N5XpueW0NYyydhwy*2FZIw > > > 6sOk*2FKlXGe1DroQh3*2BLM*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJ > > > SUlJSU!!JmPEgBY0HMszNaDT!6A2a7swnD99n20E9woQiB5vEDqC1oZzshsL6LO > > JZdhrQIdFEepZi5aQMyLHAvw$ , e-mail: [email protected]. Sąd Rejonowy > > dla m. st. Warszawy XII Wydział Gospodarczy Krajowego Rejestru > Sądowego, > > KRS 0000025237, NIP: 526-021-50-88. Kapitał zakładowy (opłacony w > całości) > > według stanu na 01.01.2020 r. wynosi 169.401.468 złotych. > > > > If you are not the addressee of this message: > > > > - let us know by replying to this e-mail (thank you!), > > - delete this message permanently (including all the copies which you have > > printed out or saved). > > This message may contain legally protected information, which may be > used > > exclusively by the addressee.Please be reminded that anyone who > > disseminates (copies, distributes) this message or takes any similar action, > > violates the law and may be penalised. > > > > mBank S.A. with its registered office in Warsaw, ul. Senatorska 18, 00-950 > > > Warszawa,https://urldefense.com/v3/__https://apc01.safelinks.protection. > > outlook.com/?url=http*3A*2F*2Fhttp://secure- > web.cisco.com/1_X1fe_pNGy17DhkOqomtknEUafaW0YUuNC- > bAR5r1ueSrjTg7hNBw4tPV7yLmcX4l9PYvoYkSQXUCqIn0CrxfmAyLUfn3UQw > w2ZcXQAfjrp8o3r9MVGG5YSZXlaM6hGi3A-3Hu4Mq- > Zd5i0aUh0YG1yqt_BbyYpV0Do64fGklCNhr0UlXOno17hSFuKF_8R8vdbTasJEpS > PWnggCs5DBeuPZ-sp1Ofh4-7OiLULuMZRUlKrXsaxEWl82znAXnUCn5P2- > yQImfN7mBGL7aRazOrcsHtU6t3D3eTx21hDofPdxkt99DPHgXidct5BiZbkqD4aJ > UpQfi23YT4mR-ZmeNPrfwd75cV0KrSaGb7E- > NS4iUd67cTv2ZecsHTONgCSnYcRhsXdHpl0uxZYwlD10Aum7rzwntyjS5w5sETJ > m60Xs8hvKPOgCSoCDKmtF1GUK/http%3A%2F%2Fwww.mbank.pl*2F& > data=04*7C01*7 > > > Callan.staller*40HCL.COM*7C0eaac4d6fb9245e9d75c08d879df9a98*7C189de > > > 737c93a4f5a8b686f4ca9941912*7C0*7C0*7C637393349175371164*7CUnknow > > > n*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha > > > WwiLCJXVCI6Mn0*3D*7C2000&sdata=316N5XpueW0NYyydhwy*2FZIw > > > 6sOk*2FKlXGe1DroQh3*2BLM*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJ > > > SUlJSU!!JmPEgBY0HMszNaDT!6A2a7swnD99n20E9woQiB5vEDqC1oZzshsL6LO > > JZdhrQIdFEepZi5aQMyLHAvw$ , e-mail: [email protected]. District Court > for > > the Capital City of Warsaw, 12th Commercial Division of the National Court > > Register, KRS 0000025237, NIP: 526-021-50-88. Fully paid-up share capital > > amounting to PLN 169.401.468 as at 1 January 2020. > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to > > [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to > > [email protected] with the message: INFO IBM-MAIN > > ::DISCLAIMER:: > > ________________________________ > > The contents of this e-mail and any attachment(s) are confidential and > > intended for the named recipient(s) only. E-mail transmission is not > > guaranteed to be secure or error-free as information could be intercepted, > > corrupted, lost, destroyed, arrive late or incomplete, or may contain > > viruses > > in transmission. The e mail and its contents (with or without referred > errors) > > shall therefore not attach any liability on the originator or HCL or its > affiliates. > > Views or opinions, if any, presented in this email are solely those of the > > author and may not necessarily reflect the views or opinions of HCL or its > > affiliates. Any form of reproduction, dissemination, copying, disclosure, > > modification, distribution and / or publication of this message without the > > prior written consent of authorized representative of HCL is strictly > > prohibited. If you have received this email in error please delete it and > notify > > the sender immediately. Before opening any email and/or attachments, > > please check them for viruses and other defects. > > ________________________________ > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
