We use LOGONBY to be able to log onto a test user whose profile has nothing but class G authority. It's great to be able to do final testing to make sure that the final users have access to all necessary functions. Changing the privileges by default might negate some of those results.
Nora Graves [EMAIL PROTECTED] Main IRS, Room 6513 (202) 622-6735 Fax (202) 622-3123 -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Altmark Sent: Friday, August 24, 2007 12:54 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Ops privs On Friday, 08/24/2007 at 11:54 EDT, "Schuh, Richard" <[EMAIL PROTECTED]> wrote: > In that case, FORCE and XAUTOLOG should be in a class that does not include > SHUTDOWN. After all, why should we trust TCPIP any more than we do > other users? > Who knows what information it is shipping to Chuckie unbeknownst to us? C says: "no no no. it's fine. really. trust me. (heh heh)" There are some who believe that the authority to LOGON BY to a user should implicitly allow: - XAUTOLOG - SET SECUSER or OBSERVER - SEND (a la class C) - FORCE - SIGNAL SHUTDOWN Thoughts?