On Monday, 10/26/2009 at 08:35 EDT, Lee Stewart <lstewart.dsgr...@attglobal.net> wrote:
> Hi all...
>
> If I want to make a console log less tamperable by someone on OPERATOR
> who might want to hide his workings, can I do something like define
> OPERATOR's own authority to NONE, yet still have the console log work,
> just that the OPERATOR can't stop or redirect it? (So he can't issue
> something like a SPOOL CONS STOP or a SPOOL CONS NOTERM.) Or maybe
> have the OPERATOR's console owned by another user? Or??
>
> The intent is to send the console to a service machine that will archive
> it off the VM system. And from creation till it's off the VM system,
> it should be as tamper-proof as possible.

The only way to stop the OPERATOR from messing with a user's console log is to take away the operator's ability to SEND commands. That means (a) no class C SEND, and (b) no privileged SET SECUSER. I would suggest the operator shouldn't have class C and that you change the privclass of class A SET SECUSER to something else.

RACF will not help you with this unless you simply want to monitor the use of SEND (any privclass).

Alan Altmark
z/VM Development
IBM Endicott