I think you didn't understand: when a user is aythorized to LOGONBY VMGUEST1, then -as class G user- he should alos be authorized to XAUTOLOG/FORCE of the VMGUEST1 userid.
2007/8/24, Brian Nielsen <[EMAIL PROTECTED]>: > > I don't think that's a good idea. Class G users can be given LOGONBY to > > another class G user for a variety of reasons. Neither userid should get > > other than class G just because of the LOGONBY authorization. > > Brian Nielsen > > > On Fri, 24 Aug 2007 12:54:22 -0400, Alan Altmark <[EMAIL PROTECTED] > > > wrote: > > >On Friday, 08/24/2007 at 11:54 EDT, "Schuh, Richard" <[EMAIL PROTECTED]> > >wrote: > >> In that case, FORCE and XAUTOLOG should be in a class that does not > >include > >> SHUTDOWN. After all, why should we trust TCPIP any more than we do oth > er > >users? > >> Who knows what information it is shipping to Chuckie unbeknownst to us > ? > > > >C says: "no no no. it's fine. really. trust me. (heh heh)" > > > >There are some who believe that the authority to LOGON BY to a user shou > ld > >implicitly allow: > >- XAUTOLOG > >- SET SECUSER or OBSERVER > >- SEND (a la class C) > >- FORCE > >- SIGNAL SHUTDOWN > > > >Thoughts? > >======================== > ========================= > ======================== > -- Kris Buelens, IBM Belgium, VM customer support
