This is just what I would say (except for VM:Secure rather than RACF). Shimon
> I want to wind back a bit on this one:- > > We do use RACF as an ESM and we do use LOGONBY (controlled by RACF > profiles) extensively. > > I understand that any user with LOGONBY authority can log on and give any > of the commands mentioned but we would be extremely unhappy about these > users being able to give those commands on behalf of that user without > logging on. This should not be the assumption and, if it becomes so, then > there should be an easy way to revert to the current status :- > > There are 2 issues here :- > > 1. Visibility > Searching RACF audit record is no substitute for seeing the > commands entered on the console of the user. > > 2. Serialisation > Insisting the user logs on (LOGONBY) ensures that they (and only > they) have control of that user at that time.\ > > I would be OK with the ability to enable the behaviour suggested but I > would be very unhappy for it to be the default that we had to find a > workaround for. > > > > Colin G Allinson > Technical Manager VM > Amadeus Data Processing GmbH > T +49 (0) 8122-43 49 75 > F +49 (0) 8122-43 32 60 > [EMAIL PROTECTED] > http://www.amadeus.com > > > -- ************************************************************************ Shimon Lebowitz mailto:[EMAIL PROTECTED] VM System Programmer . Israel Police National HQ. Jerusalem, Israel phone: +972 2 542-9877 fax: 542-9308 ************************************************************************