On Sat, 9 Apr 2011 13:24:40 -0500, Elardus Engelbrecht <[email protected]> wrote:
> Use RACF LOGOPTIONS ALWAYS for OPERCMDS class. > (playing devil's advocate a bit here) Why? Do you insist on logging all access to everything from your system programmers (not just commands - data sets, other resources). Don't you think they can destroy or sabotage a system with much less visibility than a person with SDSF command authority (both are presumed to be "trusted" employees)? SDSF can show the userid who entered the commands and you can set your consoles to require logons as well and then those commands will also be logged in the syslog/operlog. Mark -- Mark Zelden - Zelden Consulting Services - z/OS, OS/390 and MVS mailto:[email protected] Mark's MVS Utilities: http://www.mzelden.com/mvsutil.html Systems Programming expert at http://expertanswercenter.techtarget.com/ *** Please note the new URL for Mark's MVS Utilities *** ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
