On Sat, 18 Sep 2010 10:00:33 -0400, Michel Beaulieu <[email protected]> wrote:
>In Unix/Linux, we have the "su" command that let someone take another identification >for a while and when done, just exit and return to the normal userid. >Can we do something like that in z/VM? > >Michel Beaulieu >Montreal, Canada Yes you can do something like "su" in z/VM. I do it nearly every day. It's called "Set Alternate User ID - Diagnose D4". We use Top Secret/VM for our VM Security product, (because we access MVS datasets from VM and Top Secret/VM allows us to protect access to them from VM), and it provides a "SUROGATE MODULE", (aka "su"), that allows an appropiately authorized userid to switch to an alternate userid, issue commands as tha t ID, then switch back to your own ID. SUROGATE SET * otherid issue commands SUROGATE RESET * I don't know if any other VM Security products provide anything like this , but Diag D4 is a native VM Diagnose code so it can be invoked without a Security product installed, (as shipped by IBM it requires Privilege Clas s B). You could write your own code to invoke Diag D4 and do your own authorization checks as well. Your gun, your foot! :-)> -- Dale R. Smith
