Hello, z/OS 1.4 here. I apologize in advance for not knowing the best list to send this question to. (Perhaps ISPF-L? But I'm not a subscriber there.) I'm proposing to our systems folks that we allow a "user" to use TSO to get to the Zeke Work Center function. I'm being told that there is no way for us to limit what the user can do if we let them intoTSO. (Historically, we had RACF practically emasculated. This has been tightened down recently. Our application programmers no longer, for instance, have update access to SYS1.PARMLIB, etc.)
I'm going to counter this assertion with my own, namely: We can create a sign-on PROC that executes a CLIST and panel that only gives this user access to Zeke. Once they're in Zeke, I'm confident (using the Zeke security functions) that I can limit them to just what I want them to be able to do. I'm hoping no RACF changes will be required, except perhaps for authorization to execute the sign-on proc. The only catch I see is that we currently select (from our initial menu) the "Altai/Platinum" product support menu which has Zara and Zeke, and choose Zeke from there. We don't want this user to see Zara, only Zeke. Am I making sense? Is my position sound? Any tips? I have been looking at the TSO/E Customization manual. The two-step I'll face is: 1) It can't be done. 2) It would take a long time to do that. TIA! Stg ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html