My suggestion would be to use RACF SURROGAT. For example:

    RAC RDEF SURROGAT LOGONBY.MAINT
    RAC PERMIT LOGONBY.MAINT CL(SURROGAT) ID(YOURID) ACC(READ)

Now, when you log in to MAINT -- they will know who did it. You would log in to MAINT using:

    LOGON MAINT BY YOURID

And enter YOURID password. This should give them the audit trail they need - and keeps passwords private, etc.

Scott Rohling

On Wed, Mar 9, 2011 at 9:28 AM, Vogtmann, Wallace B <wvogt...@tcfbank.com> wrote:

> We're new to zVM. Have the system operational with standard IBM supplied
> User/Guest definitions. For example, we've implemented RACF, DIRMAINT,
> & PERF TK (soon Omegamon XE).
>
> Our security folks don't really like us logging in as MAINT, TCPMAINT,
> RACMAINT, etc. to do our changes - can't really tell who is doing what.
> Plus it's hard to have good/secure passwords when need to have multiple
> real users login to multiple guests, etc.
>
> Are there any examples of what would be good definitions for (1) standard
> system programmer guest accounts and (2) standard service machines? What
> RIGHTS and ACCESS definitions should be standard? We only plan on running
> Linux guests and standard IBM/3rd party tools, so just need a few
> Users/Guests that have the appropriate access for SysProg support, etc.
>
> Basically, we have the system in and operational, but NOW how should we
> REALLY have it set up to run/manage it securely and effectively. Any RedBooks?
> I've looked, but don't see any that fit the bill.
>
> Thx
> - Wally Vogtmann
> - Technical Services
> - wvogt...@tcfbank.com