On Friday, 12/07/2007 at 03:55 EST, Rob van der Heij <[EMAIL PROTECTED]> wrote: > On Dec 7, 2007 3:36 AM, Marcy Cortes <[EMAIL PROTECTED]> wrote: > > > I'll never forget it again like I've done before because I have this > > nifty z/VM 5.3 feature in my directory entries: > > COMMAND SET VSWITCH TD6VSW1 GRANT &USERID > > Haha. :-) Now you did it. I cannot get this picture out of my mind > anymore: a crowd standing near Chuckie's cubicle calling "get rid of > silly double authentication schemes that don't do anything"
What double authentication? I see exactly one *authorization*: SET VSWITCH GRANT. A VSWITCH has the "RESTRICTED" attribute and that means there's an access list. I know I've said it before, but if you want a more flexibile authorization scheme on your system than that provided by CP, use an ESM. If you use an ESM you can give unrestricted access to the VSWITCH. Layer "zoning" on top of that, if you like. It is my philosophy that directory entries are *desired* configurations. If authorization has not been given to achieve that, so be it. If the person setting up the directory entry also has authority to confer authority upon others, that works, too (e.g. the COMMAND SET above). That CP has been inconsistent in that behavior over the years isn't a particularly good reason (IMO) to continue it. If someone wants to submit a requirement for an UNRESTRICTED VSWITCH, we'll consider it. Alan Altmark z/VM Development IBM Endicott
