Kris, your PERMITs should be:
PE LOGONBY.userid CLASS(SURROGAT) ACCESS(READ) ID(whoever) to
permit whoever to use logonby for userid,
PE LOGONBY.userid CLASS(SURROGAT) ID(whoever) DELETE to
remove permission
Also, I don't believe having a profile in the SURROGAT class prevents
logging onto the userid directly if the password's known. To have the
same affect as LBYONLY in the directroy (sans RACF), you'd also need to do
an ALTUSER userid NOPASSWORD.
Mike Harding, Consultant/Specialist
Enterprise Platform Services, Mainframe Engineering
KP-IT Enterprise Engineering
925-926-3179 (8-473-3179) | E-Mail: [email protected]
AIM: VMBearDad | Yahoo IM: mbhcpcvt
Kaiser Service Credo: "Our cause is health. Our passion is service. We're
here to make lives better."
NOTICE TO RECIPIENT: If you are not the intended recipient of this
e-mail, you are prohibited from sharing, copying, or otherwise using or
disclosing its contents. If you have received this e-mail in error,
please notify the sender immediately by reply e-mail and permanently
delete this e-mail and any attachments without reading, forwarding or
saving them. Thank you.
