> Wisely, the UNIX "ln" command requires no special privilege.
Of course it does. Try creating a link from root using a bog standard userid. -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of Paul Gilmartin <[email protected]> Sent: Tuesday, June 26, 2018 1:40 PM To: [email protected] Subject: Re: ALIAS On Tue, 26 Jun 2018 06:30:19 -0500, Elardus Engelbrecht wrote: > ... >So, in this scenario, all TSO ids can create their own ALIAS in a catalog upon >logon? (unless that routine CREATEALS has its own assigned user id authorized >to create an ALIAS on the logging-on TSO id.) > Isn't that what AC=1 is for? Then CREATEALS must be examined and reviewed so it creates no integrity exposure. >AFAIK, I believe only specially assigned persons (usually Storage Admins) may >create ALIAS in a catalog. This is to protect the catalog system and to ensure >only approved HLQ can be used at all. > "a catalog"? Of course the master catalog must be suitably protected. Otherwise, users should be as free to create ALIAS entries as data set entries. I've done so routinelly. This is reminiscent of Windows requiring admin authority to use the mklink command. Wisely, the UNIX "ln" command requires no special privilege. >Of course, if you can do it, good for you simply it make the administration of >the TSO ids and Catalogs much easier. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
