Exactly Alan. What I sent as solution is a bypass: fix things up until they can get restarted. Countless are clients that only know about MAINT. First thing I recommend is that the sysprogs use their own userid as much as possible (after updating the authority config files). Good to hear there is a solution coming for RSCS, but often SWs allow dynamic updates for many things, except authorisations. Why?
2010/8/16 Alan Altmark <[email protected]> > On Monday, 08/16/2010 at 12:02 EDT, "Schuh, Richard" <[email protected]> > wrote: > > It is obvious that substituting some other authorized userid for > OPERATOR > > would work. At least with the SEND CP, the other id would have to be > logged > > on. I do not know about FOR, it does not seem to be available on the > system. > > (FOR is interpreted as an abbreviation of FORWARD). > > Why go through this agony? RSCS has the ability to specify > link-authorized operators on the AUTH statement. If you should have it, > then RSCS should be configured to give it to you. > > I also recommend looking at the new RSCSAUTH server so that, once set up, > you can update authorizations without restarting RSCS. > > When I teach security, I teach that people should have the authorities > they need to do their jobs. Michael Crighton taught us that if sysprogs > don't have the authority they need, then they will find a way to tunnel > under the paddock fences to get it. > > Alan Altmark > z/VM Development > IBM Endicott > -- Kris Buelens, IBM Belgium, VM customer support
