Alan Altmark <[email protected]> wrote:
>
> I would say "No." You have LOGON BY access, but that doesn't confer
> "modify the directory" permission. If MAINT is LBYONLY (in the RACF
> sense) then you need to make such changes from another user who is
> authorized to act FOR MAINT.
>
> Alan Altmark
> z/VM Development
> IBM Endicott

From my point of view I would have thought that this is not what you would want.

In our installation, for security reasons, privileged functions are not carried out on personal userids and all privileged userids (including MAINT) are LOGONBY. This means there is an audit trail of who did what.

MAINT has been set to 'DIRM NEEDPASS NO' for as long as I can remember so I can't remember how we did that in the first place but it is certainly what we would want.

The alternative is for function to be distributed and then you have little chance of following or controlling/auditing what is going on.

Colin Allinson
Amadeus Data Processing GmbH
