In most small shops the need for extensive operator auditing and security is not needed for accountability (IMHO). We normally have a few operators on shift at one time, so if something happens on the console we would be able to narrow it down fairly quickly. And we push the use of SDSF for most everything except commands that absolutely have to come from the console.
Our main issue years ago was that operators would share userids. The auditors LOVED that one. C. Todd Burrell PMP, MCSE 2003:Security Security+, Network+ Lead z/OS Systems Programmer ITSO (404) 723-2017 (Cell) -----Original Message----- From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On Behalf Of Gerhard Postpischil Sent: Wednesday, August 11, 2010 1:37 PM To: IBM-MAIN@bama.ua.edu Subject: Re: auditor request question On 8/11/2010 1:00 PM, Ted MacNEIL wrote: >> If the consoles are in a secure room that should suffice all but the most > stringent security standards. > > Unless you want to make your operators responsible for all commands issued from their consoles. So if I want to get an operator fired, I'll just have my privileged task issue a $PJ1-9999, using that operator's console id? Gerhard Postpischil Bradford, VT ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html