On 1/17/2022 8:19 AM, Ray Kilgore wrote:
Does anyone know of how you can limit the scope of where an operator can route commands to within a sysplex. Lets say I only want a users TSO logon to only be able to route commands to 3 out of 6 systems within a sysplex. Operator JOHNDOE can only route z/OS commands to SYS1, SYS2 and SYS3.
I remember people asking this question years ago when "shamplexes" were all the rage. A sysplex is supposed to be comprised of equal systems -- at least as envisaged.
If the systems really are different and are connected into a sysplex for some reason of arbitrary convenience, then I'm guessing they have different security data bases (e.g., RACF, CA-ACF2 or CA-TSS). Do they?
If so, will it work to simply disallow select userids from issuing commands on the systems you don't want them issuing commands on?
Note that your question started out being about operators and ended up being about TSO users. Either way, they all have unique userids in your external security manager.
-- Phoenix Software International Edward E. Jaffe 831 Parkview Drive North El Segundo, CA 90245 https://www.phoenixsoftware.com/ -------------------------------------------------------------------------------- This e-mail message, including any attachments, appended messages and the information contained therein, is for the sole use of the intended recipient(s). If you are not an intended recipient or have otherwise received this email message in error, any use, dissemination, distribution, review, storage or copying of this e-mail message and the information contained therein is strictly prohibited. If you are not an intended recipient, please contact the sender by reply e-mail and destroy all copies of this email message and do not otherwise utilize or retain this email message or any or all of the information contained therein. Although this email message and any attachments or appended messages are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by the sender for any loss or damage arising in any way from its opening or use. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
