On 8/25/07, David Boyes <[EMAIL PROTECTED]> wrote: > Then you can start on command operand authorization...8-)
Oh no... you gave Chucky a new idea. We'll blame you for all that comes out of this. Most CP commands right now only allow the ESM to audit, not to control access. If the ESM gets granular access control, we need a a lot of new error messages to reflect that. Given enough beverages of choice, I could come up with situations where you might want user A to be able to use the DEFSEG command for segment S only. What you do now is to have a disconnected virtual machine with enough privileges and run PROP there. An easy API for RACROUTE might be nice to avoid yet-another-list of powerful users (especially since some weasels want that all disks with lists of powerful users are protected against reading). Rob
