You're obviously right about yet another set of typos in the PERMIT commands
I'm 100% sure about this: with a profile in class SURROGAT, the user becomes LOGON BY only, it has been that way since RACF 1.9 or (arrived later in VM/SP R6 or VM/ESA 1.0). Maybe your installation has a generic profile, or things have changed since the NOPASSWORD attribute was added (z/VM 5.3 or 5.4). 2009/4/9 Mike Harding <[email protected]>: > Kris, your PERMITs should be: > PE LOGONBY.userid CLASS(SURROGAT) ACCESS(READ) ID(whoever) to > permit whoever to use logonby for userid, > PE LOGONBY.userid CLASS(SURROGAT) ID(whoever) DELETE to > remove permission > Also, I don't believe having a profile in the SURROGAT class prevents > logging onto the userid directly if the password's known. To have the > same affect as LBYONLY in the directroy (sans RACF), you'd also need to do > an ALTUSER userid NOPASSWORD. > Mike Harding, Consultant/Specialist > > Enterprise Platform Services, Mainframe Engineering > KP-IT Enterprise Engineering > 925-926-3179 (8-473-3179) | E-Mail: [email protected] > AIM: VMBearDad | Yahoo IM: mbhcpcvt > Kaiser Service Credo: "Our cause is health. Our passion is service. We're > here to make lives better." > > NOTICE TO RECIPIENT: If you are not the intended recipient of this > e-mail, you are prohibited from sharing, copying, or otherwise using or > disclosing its contents. If you have received this e-mail in error, > please notify the sender immediately by reply e-mail and permanently > delete this e-mail and any attachments without reading, forwarding or > saving them. Thank you. > -- Kris Buelens, IBM Belgium, VM customer support
