Isn't this a violation of PCI DSS? "10.1 Implement audit trails to link all access to system components to each individual user."
Charles -----Original Message----- From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Bigendian Smalls Sent: Tuesday, November 22, 2016 7:37 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: Mainframe systems programmer ID 'vaulting' This is something I hadn’t heard much about, but a couple questions come to mind - for anyone who has thought about or implemented this: 1) If you have a pool of IDs, then are you losing granularity with which you might want to assign privelages? Meaning you now have to have IDs that have exactly the same permissions - if they are user-agnostic (among some class of users obviously, like DEVs or SYSPROGs or whatever) - Seems like that is back to the old, “Create a new id. What perms to give him? Dunno, just build it like Chad’s, they have the same job.” Which has kind of gone out of style for obvious reasons (though still prevelant in practice). ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN