On Sat, 17 Nov 2007 00:15:03 -0600, Joel C. Ewing wrote:
>
>I can't conceive of any rational reason why a sysadmin or auditor would
>want to restrict batch TMP usage.  It buys you no power or data access
>that could not be derived by other means, except perhaps for the
>somewhat dubious ability to execute CLISTs - but everything a CLIST can
>do can be better done by REXX.
>
Under TMP, but not otherwise in Rexx, you get:

o ALLOCATE (yes, BPXWDYN is a near equivalent, but lacks some keywords.)

o ISPF

o LISTDSI (other TSO functions?)

o IDCAMS commands (RENAME, ...)

o CALL APF authorized programs.

But I'm being devil's advocate.  Restricting users' access to
TMP is as irrational as restricting their access to Unix System
Services.  But some auditors feel such an irrational desire to
exclude access to any facility a user doesn't need to perform
his job.  The Totalitarian view:  "Everything is prohibited
unless it's compulsory."

-- gil

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html