Quoting Mike Harding <[EMAIL PROTECTED]>: > No, that's backwards. You permit the $SYSTEMS group to the logonby.maint > resource, then users who have a connect to that group automatically have > the ability to use logonby to the maint id. You would need to define the > resource and do the permit for any other shared id for which you wanted to > do logonby. I think you could use a RACFVARS profile if you wanted to act > on a group of userids. See the Security Admin's manual. > In the simple case, though: > 1. ADDGROUP $SYSTEMS OWNER(SYS1) > 2. CONNECT USER1 GROUP($SYSTEMS) > 3. CONNECT USER2 GROUP($SYSTEMS) > ... > 4. RDEF SURROGAT LOGONBY.MAINT UACC(NONE)... > 5. PERMIT LOGONBY.MAINT CLASS(SURROGAT) ACCESS(READ) ID($SYSTEMS) > > Now as your systems group membership fluctuates, you connect new members > to the $systems group and remove departing ones. But per this example > you'd have to repeat the RDEF/PERMIT for other service/maintenance > userids. > --Mike > Ah, I got it now. I'll pass on your explanation to our RACF goddess. She'll probably be wondering why I was asking y'all and not her anyway. :-)
Thanks again, Leland