On Oct 28, 2005, at 7:41 AM, Martin Kline wrote:
I apologize in advance for not knowing the best list to send this
question to. (Perhaps ISPF-L? But I'm not a subscriber there.) I'm
proposing to our systems folks that we allow a "user" to use TSO to
get to the Zeke Work Center function. I'm being told that there is
no
way for us to limit what the user can do if we let them intoTSO.
Sounds like bullshirt to me. Any user with ATTRIBUTES=RESTRICTED will
require that _every function_ they need be explicitly authorized,
regardless of any existing UACC settings.
I find this interesting. Just recently, list members were objecting
that
limiting a user's access to resources (in that case it was memory) was
probably keeping them from doing their job. Where are they now?
The argument was that if a user was requesting a resource, they MUST
NEED
IT for their job. This seems like a very similar situation. Why not
allow
the users access to all of ISPF, and depend on their honorable nature
to
only use those functions that they need to do their job?
Martin,
One of the main objections I have to a "common" logon is that there is
no accountability.
I would run the concept by the auditors.
Ed
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
