Then you should use PROP (Programmable Operator), included with z/VM. There is much better automation software available, but at a fee, both from IBM and CA. Your operator itself will be the "logical operator", eg user OP1. OP1 will no longer have authority to issue priviledged CP commands, it will need to "ask" help from PROP to execute them. For example in stead of issuing CP XAUTOLOG guest he will issue TELL OP CMS XAUTOLOG guest The response will be routed back to him. Setting up PROP isn't very hard, documented in CP Planning & Admin guide. Console information will be contained in a logfile on OPERATOR 191. To make it waterproof, you should avoid that OP1 can ask PROP: - to stop PROP's logging - to issue SET PRIVCLASS OP1
2009/10/26 Lee Stewart <[email protected]> > Hi all... > > If I want to make a console log less tamperable by someone on OPERATOR who > might want to hide his workings, can I do something like define OPERATOR's > own authority to NONE, yet still have the console log work, just that the > OPERATOR can't stop or redirect it? (So he can't issue something like a > SPOOL CONS STOP or a SPOOL CONS NOTERM.) Or maybe have the OPERATOR's > console owned by another user? Or?? > > The intent is to send the console to a service machine that will archive it > off the VM system. And from creation till it's off the VM system, it > should be as tamper-proof as possible. > > Thanks for any thoughts...... > Lee > -- > > Lee Stewart, Senior SE > Sirius Computer Solutions > Phone: (303) 996-7122 > Email: [email protected] > Web: www.siriuscom.com > -- Kris Buelens, IBM Belgium, VM customer support
