Ted MacNEIL wrote: >Unique mapping of userid to person is a valid issue. >You must be accountable for what you do. >Sharing of ids negates that.
Indeed. As an unpopular RACF guy, I have a battle just about this. :-) Subsequent audit trails proved my and your point. It is not about 'I must win', but about common sense and logic. >Multiple ids must still be assigned to single people for the same >accountability reasons. Indeed. As Ted always said: Auditors recommend, management enforce. >I'm just not sold on multiple ids in a non-ISV environment. But, my first >response is "WHY?" not "NO!". Some of my colleagues have more than one TSO id as well some third party product ids managed by RACF. There are many reasons why, but some reasons I can share with you: 1. Work done on that 3th party product, may only be done with that id. Think separation of duties. 2. Testing of Telnet sessions for example using another id or doing long running commands while doing work using another id. 3. For some users I stripped Group Special rights and have them assign FACILITY(IRR.<whatever>) for delegating password management. Give me a good reason and I will play along. Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
