I think whether NEEDPASS YES is still needed is an "it depends" and
should be left to the customer. What is needed, however, is a
re-engineering or a redesign or rethinking of how and where it is
defined in DIRMAINT. In talking to some developer in Endicott (don't
remember who), what came through is that from the developer standpoint,
they know the product and definition tables so well that it is not
apparent to them how totally confusing DIRMAINT is from a setup or
installation standpoint. Coupling the confusion of DIRMAINT with RACF
takes the confusion factor to a whole new dimension. Take some VM
sysprog from off the street who doesn't live with DIRMAINT every day and
have them install it and take note of the questions and problems they
encounter.
Just my opinion.
Jim
Alan Altmark wrote:
I'm not denying the requirement (need/desire) for the capability. The
question was asked whether the way it works is correct or not. It is
working as we (IBM) intend. Over time I hope to provide better controls
for this sort of thing. It was not until recently that LOGON BY
considerations began to appear in implicit authorizations.
This leads me to ask: Is NEEDPASS YES still needed? I view it as an
anachronism from an older time when we didn't have autolock screensavers
and generally more stringent workstation security policies. No more
"always on" terminals.
Alan Altmark
z/VM Development
IBM Endicott
--
Jim Bohnsack
Cornell University
(972) 596-6377 home/office
(972) 342-5823 cell
jab...@cornell.edu