>In those banking environments, did you protect or monitor the use of the LISTDSD, RLIST, or SEARCH commands and their aliases?
I wasn't the security admin. I was just aware of the policy and the potential 'exposure'. Considering how obsessive most security personel are, I can assume what was known was done. I'm sorry if it sounds like I'm ducking the question. The last bank I worked at, actually used ACF2, and while implementations are different, policy enforcement is generic. There, I know that they restricted AUDIT, which allowed users to look at any security rule in the ACF2 database. - Too busy driving to stop for gas! ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html