My bad on the FOR. When I looked at the HELP, I was on CMS22 checking out something. The FOR command says that it is executed on the target id, so using it on the OPERATOR id would be stepping on toes or crossing lines. The problem was not the ability to issue the START command; I have authorization for that. The problem was those pesky messages. RSCS has since been recycled, so they are no longer a problem. The only answer for them, since they cannot be simply turned off, is to not start a link from my own id. From now on, I will use SEND CP uid SMSG RSCS START ..., where uid is an authorized coworker's id :-) (Actually, SM RSCS RSCS START ... will probably work and will be a better way to go. I bet that Alan would prefer that to some of the alternatives suggested since the source of the command will be duly recorded in the console log.)
Regards, Richard Schuh > -----Original Message----- > From: The IBM z/VM Operating System > [mailto:[email protected]] On Behalf Of Alan Altmark > Sent: Monday, August 16, 2010 10:09 AM > To: [email protected] > Subject: Re: RSCS Messages > > On Monday, 08/16/2010 at 12:02 EDT, "Schuh, Richard" <[email protected]> > wrote: > > It is obvious that substituting some other authorized userid for > OPERATOR > > would work. At least with the SEND CP, the other id would have to be > logged > > on. I do not know about FOR, it does not seem to be available on the > system. > > (FOR is interpreted as an abbreviation of FORWARD). > > Why go through this agony? RSCS has the ability to specify > link-authorized operators on the AUTH statement. If you > should have it, then RSCS should be configured to give it to you. > > I also recommend looking at the new RSCSAUTH server so that, > once set up, you can update authorizations without restarting RSCS. > > When I teach security, I teach that people should have the > authorities they need to do their jobs. Michael Crighton > taught us that if sysprogs don't have the authority they > need, then they will find a way to tunnel under the paddock > fences to get it. > > Alan Altmark > z/VM Development > IBM Endicott >
