Take a look at Appendix A in the HMC Operations Guide (C28-6881). It has
a table which lays out HMC tasks by the default HMC user IDs.
Mike Myers
Mentor Services Corporation
On 06/12/2016 12:40 PM, Mark Zelden wrote:
On Sun, 12 Jun 2016 00:52:07 +0000, Jesse 1 Robinson <[email protected]>
wrote:
This has been a bugaboo for me for 20 years. From the get-go I had a userid
with full operator/sysprog authority. At some point I added ACS authority to
the same userid so that I could also manage other users. I discovered through
trial and error that I could not perform all functions with a single userid.
With ACS authority I could not perform sysprog duties and vice versa. I have
never seen this documented, and nothing in the user management dialog indicates
conflicting roles. Both roles can be selected for a single user, but both roles
do not work for the same user.
Some other roles can be added besides ACS that still allow, for example,
management of CPC and LPAR definitions. ACS alone does not allow that. Does
anyone understand the boundaries?
Separation of duties. :-) I don't know if it is documented, but recently I
deleted the shared
userids for operations and sysprogs and a shared userid we had for ACS admin
and defined
individual userids for about 15-20 OS sysprogs and operators to close an audit
gap. I had
2 userids for myself, one that was ACS admin (and also a backup userid) and my
normal sysprog
userid that I use bit that also had ACS. I was able to use my sysprog ID for
everything I
needed - so I though. But just the other day I noticed when I went into the SE
(single
object operations) I ended up with a userid of sooacsadmin instead of
soosysprog and
couldn't do diagnostics, model conversion etc. So I had to remove ACS from my
userid
and one other sysprog who had the ACS authority on his userid and now we both
have 2 userids, one being for ACS admin only.
All the "default" shared IBM userids are still there, but since they can only
be accessed
locally in the secure computer room, they were allowed to remain.
Best regards,
Mark
--
Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS
ITIL v3 Foundation Certified
mailto:[email protected]
Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html
Systems Programming expert at http://search390.techtarget.com/ateExperts/
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
