I believe the general case is always need-to-know. That is, there needs to be some business/technical justification for access.
The rationale is to deny information to a potential intruder. I read that most intruders are those that already have some level of access to the system.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On Behalf Of Mark Jacobs
Sent: Thursday, May 17, 2012 8:07 AM
To: IBM-MAIN@bama.ua.edu
Subject: Syslog/Operlog Read Access

Is it a consensus best practice to restrict read access of syslog/operlog data to those people with a need-to-know, or is a UACC of READ appropriate?

--
Mark Jacobs
Time Customer Service
Tampa, FL
----

Learn from yesterday, live for today, hope for tomorrow. The important thing is to not stop questioning.
- Albert Einstein

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN