On Thursday, 02/09/2006 at 05:23 CET, Rob van der Heij <[EMAIL PROTECTED]> wrote:
> :rant. > I am tempted to say this is the most stupid thing in z/VM, but one > should not underestimate Chuckie and there's several ones running > pretty close... > On a system without ESM, when the directory entry already defines that > the NIC should be coupled to the VSWITCH, then that should not be > subject to other tweaking. IMHO the PLO would be that only the manual > COUPLE command is subject to the GRANT settings. > :erant. It's a design philosophy. Displaying the access list for a VSWITCH is difficult if it is a combination of GRANTs plus NICDEFs. We don't want to search the directory every time someone does a QUERY. And displaying an access list that isn't definitive is worse, IMO, than no access list at all because you can get a false sense of security. And if the NICDEF is present, but the user is NOLOG, does he have permission? And if you DETACH the NIC. Does a COUPLE to the same VSWITCH result in a GRANT check? Or is access implied by the directory? Gaaaack.... And different rules about the authority of the directory when an ESM is present vs. not? No thanks. We've already got the LINK oddity. Alan Altmark z/VM Development IBM Endicott ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
