On Wed, Mar 9, 2011 at 7:30 PM, Kris Buelens kris.buel...@gmail.com wrote:
At my former customer, we created several RACF groups. To name a few:
LBSYST to control LOGONBY to various users by system programmers
LBOPER for the operators' group
SYSALL to permit the system programmers to
To: IBMVM@LISTSERV.UARK.EDU
Subject: Re: zVM User Definitions
Good point, Kris. We actually do the same.. we have a VMADMINS group -- and
give that permissiong to LOGONBY. We add/remove people from the VMADMINS
group - not all the defininitions it may be part of. It 'is' a much better
way
We're new to zVM. Have the system operational with standard IBM supplied
User/Guest definitions. For example, we've implemented RACF, DIRMAINT,
PERF TK (soon Omegamon XE).
Our security folks don't really like us logging in as MAINT, TCPMAINT,
RACMAINT, etc. to do our changes - can't really tell
330-363-5050
Ext 35050
-Original Message-
From: The IBM z/VM Operating System [mailto:IBMVM@LISTSERV.UARK.EDU] On Behalf
Of Vogtmann, Wallace B
Sent: Wednesday, March 09, 2011 11:28 AM
To: IBMVM@LISTSERV.UARK.EDU
Subject: zVM User Definitions
We're new to zVM. Have the system operational
My suggestion would be to use RACF SURROGAT ..For example:
RAC RDEF SURROGAT LOGONBY.MAINT
RAC PERMIT LOGONBY.MAINT CL(SURROGAT) ID(YOURID) ACC(READ).
Now, when you login to maint -- they will know who did it. You would login
to MAINT using:
LOGON MAINT BY YOURID
And enter YOURID
And of course:
RAC SETROPTS CLASSACT(SURROGAT)
On Wed, Mar 9, 2011 at 11:33 AM, Scott Rohling scott.rohl...@gmail.com wrote:
My suggestion would be to use RACF SURROGAT .. For example:
RAC RDEF SURROGAT LOGONBY.MAINT
RAC PERMIT LOGONBY.MAINT CL(SURROGAT) ID(YOURID) ACC(READ).
Now, when
Ah - and maybe RAC SETROPTS NORACLIST(SURROGAT) unless you like having to do
a REFRESH whenever SURROGAT definitions are fiddled with. Thanks, Bruce!
;-)
Scott Rohling
On Wed, Mar 9, 2011 at 9:35 AM, Bruce Hayden bjhay...@gmail.com wrote:
And of course:
RAC SETROPTS CLASSACT(SURROGAT)
On
On Wednesday, 03/09/2011 at 11:29 EST, Vogtmann, Wallace B
wvogt...@tcfbank.com wrote:
We're new to zVM. Have the system operational with standard IBM supplied
User/Guest definitions. For example, we've implemented RACF, DIRMAINT,
PERF TK (soon Omegamon XE).
Our security folks don't really
Good point, Kris. We actually do the same.. we have a VMADMINS group --
and give that permissiong to LOGONBY. We add/remove people from the
VMADMINS group - not all the defininitions it may be part of. It 'is' a
much better way to manage things.
You do need to make sure GROUPLIST is YES so
