On Mon, 29 Jan 2018 20:03:11 +0200, ITschak Mugzach <[email protected]> wrote:
>To summerise rob's and Walt's argument, the security applied to apf panel >in sdsf was a mistake and i believe ibm will remove it in next release... There are some possible distinction between SDSF and ISRDDN, though. First, SDSF already provides highly granular controls that are intended both for security and simply for customization, and it would seem strange to IBM's customers for an SDSF function not to have such controls, given the other controls that have already been present. Second, I think that SDSF has the ability to provide information from more than one system. ISRDDN is only giving you information from the current system, I think. It's true that it makes no sense to protect the function in ISRDDN because anyone can simply look in storage to see the information. But SDSF may deserve more protection as it can show you information from systems that you're not allowed to logon to, and thus can't inspect directly. Having said that, I no longer have access to internal IBM discussions and really don't know much about the history of SDSF controls for its APF panel and the rationale for providing them. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
