[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.
Phillip Helbig undress to reply
helbig at asclothestro.multivax.de
Mon Nov 7 17:06:56 EST 2016
In article <380f5f5d-50bb-48b0-89b7-1a207a298f5d at googlegroups.com>, Bob
Gezelter <gezelter at rlgsc.com> writes:
> Create a separate image that does the actual SUBMIT. That image is installed
> with the CMKRNL privilege.
>
> Thus, when the user invokes that image, they are able to do the SUBMIT/USER,
> but not otherwise. When I did this a while back for a client, I also imposed
> the requirement that the privileged program checked to see if the user
> held a Rights Identifier related to the Username that was being submitted.
> For additional security, protect the privileged image so that the User cannot
> even access it unless they hold a specific Rights Identifier.
>
> That protection scheme should satisfy most auditors.
Sounds like a good suggestion!
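
The setup Bob Gezelter describes, sketched in DCL as an added example that is not part of either post. The image name SUBMIT_AS.EXE, its location, the identifier SUBMIT_AS_BATCHUSER and the username JSMITH are hypothetical, and the check that the caller holds an identifier tied to the target username is assumed to be implemented inside the image itself.

```dcl
$! Added example; every name below is a hypothetical placeholder.
$!
$! 1. Create the rights identifier that gates the wrapper and grant it
$!    only to the one user who may submit on the target user's behalf.
$ SET DEFAULT SYS$SYSTEM
$ RUN SYS$SYSTEM:AUTHORIZE
ADD/IDENTIFIER SUBMIT_AS_BATCHUSER
GRANT/IDENTIFIER SUBMIT_AS_BATCHUSER JSMITH
EXIT
$!
$! 2. Protect the image file: no GROUP or WORLD access at all, and an
$!    ACL entry giving holders of the identifier EXECUTE access only.
$ SET SECURITY /PROTECTION=(S:RWED,O:RWED,G,W) -
      /ACL=(IDENTIFIER=SUBMIT_AS_BATCHUSER,ACCESS=EXECUTE) -
      SYS$SYSTEM:SUBMIT_AS.EXE
$!
$! 3. Install the image with CMKRNL and nothing else, so the privilege
$!    exists only while this image runs, not in the user's process.
$!    (Images installed with privileges must be linked /NOTRACEBACK.)
$ INSTALL ADD SYS$SYSTEM:SUBMIT_AS.EXE /PRIVILEGED=(CMKRNL)
$!
$! 4. Review the result: file protection, ACL, and installed privileges.
$ SHOW SECURITY SYS$SYSTEM:SUBMIT_AS.EXE
$ INSTALL LIST SYS$SYSTEM:SUBMIT_AS.EXE /FULL
```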