On Thursday, 02/12/2009 at 11:05 EST, Jim Bohnsack <[email protected]> wrote: > I think whether NEEDPASS YES is still needed is an "it depends" and > should be left to the customer. What is needed, however, is a > re-engineering or a redesign or rethinking of how and where it is > defined in DIRMAINT. In talking to some developer in Endicott (don't > remember who), what came thru is that from the developer standpoint, > they know the product and definition tables so well that it is not > apparent to them how totally confusing DIRMAINT is from a setup or > installation standpoint. Coupling the confusion of DIRMAINT with RACF > takes the confusion factor to a whole new dimension. Take some VM > sysprog from off the street who doesn't live with DIRMAINT every day and > have them install it and take note of the questions and problems they > encounter.
I do understand and appreciate that the number of touchpoints in z/VM to configure permissions to do various things might be considered by some to be, um, a tad excessive. There is an oft-repeated requirement (particularly from larger companies) for z/VM to centralize security management. This extends to authorizations for TCP/IP, DIRMAINT, Performance Toolkit, and even little ol' RSCS. Further, I recognize that while the DIRMAINT-RACF connector is way(!) better in z/VM 5.4, it still isn't complete. Alan Altmark z/VM Development IBM Endicott
