On Fri, 24 Aug 2007 15:52:55 -0400, Alan Altmark <[EMAIL PROTECTED]> wrote:

>On Friday, 08/24/2007 at 02:49 EDT, Brian Nielsen <[EMAIL PROTECTED]> wrote:
>> I don't think that's a good idea.  Class G users can be given LOGONBY to
>> another class G user for a variety of reasons.  Neither userid should get
>> other than class G just because of the LOGONBY authorization.
>
>Sorry to confuse.  I was suggesting a rule that says, as a class G user,
>you could target
>- XAUTOLOG
>- SET SECUSER or OBSERVER
>- SEND (a la class C)
>- FORCE (with a new class G version)
>- SIGNAL SHUTDOWN
>
>to any user to whom you are authorized for LOGON BY.  Thinking further, if
>you did not have LOGON BY, but did have XAUTOLOG authority, would it be ok
>to implicitly grant FORCE and SIGNAL SHUTDOWN?
>
>That gives two general classes of action:
>- manage the guest (start, stop)
>- BE the guest (start, stop, see, do)
>
>Alan Altmark
>z/VM Development
>IBM Endicott
>=========================================================================

That's an important distinction not originally mentioned.

Be careful to not unnecessarily tangle the structure.  Perhaps amending
the FOR command to include authorization for LOGONBY users in addition to
the SECUSER would be a simpler way to accomplish the "be the guest"
portion.

Whether extending authorizations allowed by XAUTOLOG is appropriate
depends on your degree of paranoia.  I wouldn't assume it's a given that
being able to start a stopped guest should allow stopping it as well.

Brian Nielsen
