On 23 April 2010 11:20, Bathmaker, Jon <[email protected]> wrote:
> Hi Tony, I'm another Tony, but... > We want the users to have the SECURITY privilege while they are using an > ISPF application and ONLY while they are using this app. If we grant > them SECURITY using a command they will have that privilege the next > time they logon to TSO, regardless of the app., and that 'would be > wrong' (as Mr. Nixon said). If you set the SECURITY priv in the ACF2 database, then surely if the same user logs on to any other app while they are logged on to your magic TSO/ISPF app, they will also have SECURITY there. Perhaps you can control your users so they cannot logon to anything else, but it sounds like a bad approach. What if business requirements change later, and one of these users gains access to UNIX or even FTP or the like? Also, how can you reliably keep the user from interrupting the Chosen App, and escaping into a more general command environment? It's not easy with ISPF. This problem is in many ways similar to the "unauthorized code mixed with authorized in one address space" thread going on elsewhere on this list. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
