Re: A z/VM idea.

Rob van der Heij [EMAIL PROTECTED] wrote: However, your security administrator may not like it. When you have an ESM and audit invalid link attempts, your users may not know what they're accused of. If you're not suspicious yet, read on.. ;-) Sure, but if you have an ESM, won't you already have a

Re: A z/VM idea.

I have used access to specific members on SFS disks. If the user can read the file and parse a specific item out of the first record, then could do something special. Tony Thigpen -Original Message - From: Huegel, Thomas Sent: 01/22/2007 11:05 AM I was recently coding some execs

Re: A z/VM idea.

From: Huegel, Thomas [EMAIL PROTECTED] Date: Mon, January 22, 2007 11:05 am As I was doing this I was thinking 'How many times over the past 30+ years have I done this same type of coding? There must be a better way to identify these different groups than to have tables or files with

Re: A z/VM idea.

RPN01 [EMAIL PROTECTED] wrote: Just slightly outside the box... Could you use the eight digit account field as a numeric index into a publicly accessable file and keep the actual parameter lines needed in that file? The file lines could be as long as necessary, and with eight digits to index with,

Re: A z/VM idea.

On 1/23/07, Phil Smith III [EMAIL PROTECTED] wrote: You could also use dummy deferred LINKs, I suspect: However, your security administrator may not like it. When you have an ESM and audit invalid link attempts, your users may not know what they're accused of. If you're not suspicious yet,

Re: A z/VM idea.

cc System [EMAIL PROTECTED] Subject ARK.EDU Re: A z/VM idea

Re: A z/VM idea.

Subject: Re: A z/VM idea. Building on the idea, ANY virtual device would do. Could be a SPECIAL device, virtual printer, reader, etc. Use CP Q V vdev instead of the CP LINK * vdev. Mark Wheeler, 3M Company Rob van der Heij [EMAIL PROTECTED] m

A z/VM idea.

I was recently coding some execs that set up things like mdisk links and certain 'privlages' for users within thier 'groups of responsibilty' ie programmers can do programmer type functions supervisors can do programming functions plus certain other supervisor functions etc. As I was doing this I

Re: A z/VM idea.

You could add directory comments and parse the comments with some piping. Huegel, Thomas wrote: I was recently coding some execs that set up things like mdisk links and certain 'privlages' for users within thier 'groups of responsibilty' ie programmers can do programmer type functions

Re: A z/VM idea.

On 1/22/07, Huegel, Thomas [EMAIL PROTECTED] wrote: Then I had an idea this would be a lot easier if there was a z/VM directory entry called USERDATA that would be freeform and queryable ie Q UDATA. That way one could id a user any way he wanted to and use or not use the values. So you think

Re: A z/VM idea.

Then I had an idea this would be a lot easier if there was a z/VM directory entry called USERDATA that would be freeform and queryable ie Q UDATA. That way one could id a user any way he wanted to and use or not use the values. Does that make sense to anyone else? Or is there something

Re: A z/VM idea.

Both DIRMAINT and VM:Secure have the ability to store and retrieve user specified comment records in a CP Directory source entry. Each of these comments has a tag identifier for easy retrieval by tag name. Bob Bolch

Re: A z/VM idea.

it always should be. Thanks Tom -Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] Behalf Of Bob Bolch Sent: Monday, January 22, 2007 10:19 AM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: A z/VM idea. Both DIRMAINT and VM:Secure have the ability to store

Re: A z/VM idea.

Well, that's kind of what the ACIGROUP functionality is for, but it really requires an ESM. The other problem is that you can be in only one ACIGROUP at a time, so if you need combinations of privileges, you end up defining n**2 possible groups. If you have RACF or VM:Secure or some such,

Re: A z/VM idea.

On Monday, 01/22/2007 at 10:05 CST, Huegel, Thomas [EMAIL PROTECTED] wrote: I was recently coding some execs that set up things like mdisk links and certain 'privlages' for users within thier 'groups of responsibilty' ie programmers can do programmer type functions supervisors can do

Re: A z/VM idea.

On Monday, 01/22/2007 at 12:02 EST, David Boyes [EMAIL PROTECTED] wrote: Well, that?s kind of what the ACIGROUP functionality is for, but it really requires an ESM. The other problem is that you can be in only one ACIGROUP at a time, so if you need combinations of privileges, you end up

Re: A z/VM idea.

You can also use RACF groups just as a way to group users, that is, not even grant permissions to the groups. Then an exec can use RACF LISTUSER to see which groups the user is in. My customer uses this approach in its system profile: when a user is in such an application group, the application

Re: A z/VM idea.

PROTECTED] Behalf Of Kris Buelens Sent: Monday, January 22, 2007 12:00 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: A z/VM idea. You can also use RACF groups just as a way to group users, that is, not even grant permissions to the groups. Then an exec can use RACF LISTUSER to see which groups

Re: A z/VM idea.

To get a directory entry: if you have access to DIRMAINt's minidisks, you can use DIRME EXEC (part of DRM package) as a Pipe stage to get one or more directory entries. -- Kris Buelens, IBM Belgium, VM customer support 2007/1/22, Huegel, Thomas [EMAIL PROTECTED]: I don't have RACF. I am

Re: A z/VM idea.

I have 4 groups of people and I put a LINK in the CP directory to the misk that has the files they are authorized to use. If someone falls into two groups I simply put two LINKs in the directory. /Fran Hensler at Slippery Rock University of Pennsylvania USA for 43 years [EMAIL

Re: A z/VM idea.

are different. From: Huegel, Thomas [EMAIL PROTECTED] Reply-To: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU Date: Mon, 22 Jan 2007 10:45:44 -0600 To: IBMVM@LISTSERV.UARK.EDU Subject: Re: A z/VM idea. Thank-you everyone. I had been using the ACCOUNT data but it has limitations i.e. only eight