Hi Radoslaw, In your post in response to Wayne, you wrote
".........But seriously: I have business reasons to allow some folks to issue DISPLAY (and some MODIFY) commands. I can filter the commands very precisely, for example I can allow to F CICSA, but not CICSB. However *every* person having such (limited) access is also able to blow up our DB2 subsystem." This situation is not the case on my z/OS 1.6 System. I recently opened Display authority within SDSF to allow certain uses to display the status of various network components. If I log on to one of these userids and type /-DB8G STOP DDF the command is rejected by SDSF as being an authorised attempt. Whilst I accept that attempting to stop DDF rather than DB2 in its entirety is not quite the same, the point is that SDSF stopped the command, whilst it did allow /D SMF. I haven't got any User's authorised to issue the modify command so I cannot comment specifically at that higher level of authority, but certainly Display, at least on my system, does not give authority to close DB2. As a point of interest I also have a VTAM application which issue various shutdown commands, and whilst it can close some tasks either via Cancel or Stop, it cannot close DB2 at present as its command is declared unauthorised. My system also has a simplistic approach in this area in that RACF is not, as far as I know, exploited from an SDSF perspective, it is only the SDSF Parm member which controls security. Kind regards - Terry Terry Sambrooks Director KMS-IT Limited 228 Abbeydale Road South Dore Sheffield S17 3LA UK Tel: +44 (0)114 262 0933 WEB: www.legac-e.co.uk www.kmsitltd.co.uk Reg: England & Wales 3767263 at the above address All outgoing E-mails are scanned but it remains the recipients responsibility to ensure that their system is protected from viruses, trojans, worms, and spy-ware. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
