Hello Wally,

There is a LOGONBY parameter (and others) that will allow certain people to log on and use their own password. And the VM Operator will get a message indicating who logged on. We have that log spooled and then sent daily to a location for auditing.
Ed Martin
Aultman Health Foundation
330-363-5050 Ext 35050

-----Original Message-----
From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf Of Vogtmann, Wallace B
Sent: Wednesday, March 09, 2011 11:28 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: zVM User Definitions

We're new to zVM. Have the system operational with standard IBM supplied User/Guest definitions. For example, we've implemented RACF, DIRMAINT, & PERF TK (soon Omegamon XE).

Our security folks don't really like us logging in as MAINT, TCPMAINT, RACMAINT, etc. to do our changes - can't really tell who is doing what. Plus it's hard to have good/secure passwords when we need to have multiple real users log in to multiple guests, etc.

Are there any examples of what would be good definitions for (1) standard system programmer guest accounts and (2) standard service machines? What RIGHTS and ACCESS definitions should be standard? We only plan on running Linux guests and standard IBM/3rd party tools, so just need a few Users/Guests that have the appropriate access for SysProg support, etc.

Basically, we have the system in and operational, but NOW how should we REALLY have it set up to run/manage it securely and effectively? Any RedBooks? I've looked, but don't see any that fit the bill.

Thx - Wally Vogtmann - Technical Services - wvogt...@tcfbank.com