On 2/12/2007 8:58 AM, R.S. wrote:
Jacky Bright wrote:
Hi,
I have 2 TSO Users (ABC and XYZ)
ABC has high level access privileges.
XYZ do not have any such access.
I am trying to submit 1 job from XYZ userid which require access
privileges
from ABC.
In case I define XYZ user as surrogate user for ABC then is that going to
work.
what implications it will have at system side ? security issue ?
It depends.
However surrogate means, XYZ can do everything (*) that ABC can.
(*) With exception (AFAIK) to rarely used security labels.
SURROGAT can allow many cases of using security labels, too, I believe.
Not all cases, though; thanks for mentioning that case as I hadn't
thought about it before.
Walt Farrell, CISSP
z/OS Security Design, IBM
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html