I like the idea that XAUTOLOG authority can be taken as authority to do all of the Start/Stop functions for that target user and then LOGONBY be taken as complete authority to be that target user. So I could give a server authority (via XAUTOLOG in target users' directories) to XAUTOLOG, FORCE, SIGNAL SHUTDOWN, but not be able to transfer spool files owned by the target users or to modify (via SEND) the configuration of the target server. I could reserve for an administrator (via LOGONBY in target users' directories) the authority to manipulate the spool files and machine configuration.

I like it. Are you thinking of having this as a CP implementation or an ESM based add-on function? I would not object to either but prefer a CP implementation.

/Tom Kern
/301-903-2211

On Fri, 24 Aug 2007 15:52:55 -0400, Alan Altmark <[EMAIL PROTECTED]> wrote:

>Sorry to confuse. I was suggesting a rule that says, as a class G user,
>you could target
>- XAUTOLOG
>- SET SECUSER or OBSERVER
>- SEND (a la class C)
>- FORCE (with a new class G version)
>- SIGNAL SHUTDOWN
>
>to any user to whom you are authorized for LOGON BY. Thinking further, if
>you did not have LOGON BY, but did have XAUTOLOG authority, would it be ok
>to implicitly grant FORCE and SIGNAL SHUTDOWN?
>
>That gives two general classes of action:
>- manage the guest (start, stop)
>- BE the guest (start, stop, see, do)
>
>Alan Altmark
>z/VM Development
>IBM Endicott
