We had that desire, too. So years ago I wrote an ADDUSER EXEC for our Security Admins (who have a strong z/OS RACF bias and rarely issues VM:Secure commands manually). Aside from the usual 'stuff' needed to enter a new userid, it included a record in one of the formats: *UI= lastname, firstname, EN= employee number or: *UI= ownerid, SVM usage
Were I to do it again today, the format might be more along the lines of: *UI= userid, contactid, lastname, firstname, EN= employee number Including the actual userid in the record is redundant with the "USER userid ... " record above, but it is simpler to search in XEDIT without using a Pipe and juxtapose stage; just issue: ALL /*UI= / In the above wish list, 'contactid' would usually match the 'userid', except for service virtual machines. 'Contactid' gives a clue who to contact for an application svm. Installed product svms would probably have a 'contactid' of MAINT. Mike Walter Hewitt Associates Any opinions expressed herein are mine alone and do not necessarily represent the opinions or policies of Hewitt Associates. "Kris Buelens" <kris.buel...@gmail.com> Sent by: "The IBM z/VM Operating System" <IBMVM@LISTSERV.UARK.EDU> 02/10/2009 10:19 AM Please respond to "The IBM z/VM Operating System" <IBMVM@LISTSERV.UARK.EDU> To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Short user description in sample CP directory Even though it was in my mind, I didn't dare asking for a full fledged solution: a comment record doesn't require extra coding. At my former customer's installation, the first record following USER had the name of the person (or role if SVM), and was indeed carried over to RACF as well. 2009/2/10 Alan Altmark <alan_altm...@us.ibm.com>: > On Tuesday, 02/10/2009 at 09:12 EST, Kris Buelens <kris.buel...@gmail.com> > wrote: >> Has it been suggested already that the sample CP directory would >> contain, for each userid, a one sentence description? > > Yes. (It was suggested here previously so that RACF initialization can > associate a name/purpose with a user ID.) I have some concerns about > storing metadata in comments in the directory, but I guess I can get over > it. > > I prefer to have such data stored in the object directory where it can be > interrogated, updated, and supported by a wide variety of Interested > Parties. However, in the case of Sooner v. Later, more complex solutions > always side with Later. Though maybe, with apologies to Voltaire, I > shouldn't allow the Perfect to become the enemy of Good Enough? > > Alan Altmark > z/VM Development > IBM Endicott > -- Kris Buelens, IBM Belgium, VM customer support The information contained in this e-mail and any accompanying documents may contain information that is confidential or otherwise protected from disclosure. If you are not the intended recipient of this message, or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message, including any attachments. Any dissemination, distribution or other use of the contents of this message by anyone other than the intended recipient is strictly prohibited. All messages sent to and from this e-mail address may be monitored as permitted by applicable law and regulations to ensure compliance with our internal policies and to protect our business. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, lost or destroyed, or contain viruses. You are deemed to have accepted these risks if you communicate with us by e-mail.
