[Info-vax] Restrict the use of SUBMIT/USER= to one particular user.
Richard Maher
maher_rjSPAMLESS at hotmail.com
Tue Nov 8 00:12:18 EST 2016
On 07-Nov-16 5:52 PM, Joe wrote:
> We have a set of application users who submit some application
> batches on a specific user with the command SUBMIT/USER=APP$MGR. To
> perform this, the application users are provided with CMKRNL
> privilege. I notice at times some users use this privilege and submit
> some jobs under SYSTEM user. What would be the best way to restrict
> this? I'm thinking of a captive menu to get all the required details
> and validate the user part and then submit in the background, is this
> a good idea? Do we have any other option to restrict this easily?
>
What does the submitted command file do? What is the APP$MGR persona
used for?
Could it be possible that a $persona_create/assume around the "just need
privilege for this bit" would suffice?
It may well be that your requirement is happy for jobs to queue up in
batch but a $persona_assume before a $creprc prc$m_detach and
loginout.exe does provide advantages.
Either way, as others have suggested, install the image with CMKRNL but be
aware that only trusted logical names may be required for DLLs etc.
Cheers Richard Maher