> So if you connect a user to GROUP1B, they will have access to resources > permitted to GROUP1B, GROUP1, and SYS1.
On second thought, no, that's not right. You still have to be CONNECTed to the permitted group. Duh. Permissions are not processed hierarchically. The hierarchy comes into p lay regarding *management* of groups. That is, the scope of authorization fo r the group-SPECIAL, group-OPERATIONS, and group-AUDITOR attributes. (Sorry about that.) Alan Altmark z/VM Development IBM
