No. No. No. No. No.
We use LOGONBY as a means of controlling who is allowed to log on to group ids and tracking what they do. None of those other commands would be useful or necessary in that context. Giving those permissions would negate, or at least complicate, our ability to track who did what when. Further, we would not want one user to be able to alter or compromise the functions being performed by another who was already logged on via LOGONBY. SEND, FORCE, and SIGNAL SHUTDOWN certainly have that potential, for example. Most of what is listed could be useful only to someone who is really knowledgeable about the functions of the virtual machine. They are also mostly useful in looking after service machines. They are not useful to someone who is a more naïve user who logs on to a group id to perform simple functions or to run an application program, and could be somewhat dangerous if abused, accidentally or on purpose, by such a person. It is the latter group that we must protect against by not giving them authorities that they will never need. The former group probably has the knowledge needed to function without the added authority. Regards, Richard Schuh ________________________________ There are some who believe that the authority to LOGON BY to a user should implicitly allow: - XAUTOLOG - SET SECUSER or OBSERVER - SEND (a la class C) - FORCE - SIGNAL SHUTDOWN Thoughts? -- Kris Buelens, IBM Belgium, VM customer support
