On Wed, Dec 8, 2010 at 7:38 PM, Alan Altmark <[email protected]> wrote:
> I've been saying for several years, "You need an ESM." More and more > z/VM security management will be focused on ESMs, not native CP. If your > fave ESM doesn't simplify things for you, gripe to the vendor. That's self-fulfilling prophecy, Sir. You also created the mind boggling approach where the VM Sysprog needs to change hats and perform both steps of the ritual. But I stopped years ago saying that one word of the VM sysprog should be enough for things he controls. So when it already requires magical powers to get a NICDEF statement into the directory, there is no problem in having that imply the GRANT as well. Different when the class G command is used to define the NIC. Yes, this is different from a LINK in the directory because we assume that the owner of the resource manages access to it. In that case it is appropriate that the owner decides whether the LINK can actually work (and can revoke access). | Rob
