[Info-vax] Job logicals linked to a process
Stephen Hoffman
seaohveh at hoffmanlabs.invalid
Fri Jan 8 19:54:45 EST 2021
On 2021-01-09 00:11:22 +0000, Chris Townley said:
> All in the past,
Yet you're here, asking this, which implies this mess is seemingly
rather less in the past than might be preferred.
> ...but we only allowed shared usernames in either totally read only ,
> or with updates authenticated and logged by other means.
> The former had no password, and the second password was well known, but
> without tyhe secondary credentials was read only. Worked for years!
>
> Sadly now all in the past
Not the first time I've heard folks ask for logins to manage logins,
and not the first time—as has been done here—folks have implementing
per-user logins to manage shared logins.
Privileges to control privileges was another similarly classic request.
Fun fact: there's a means to grant a user SETPRV privilege, but where
that privilege is entirely unavailable for committing mayhem. But I
digress.
Generally, it's either best to either fix the shared login problem with
per-user logins issued, or to do what management seemingly wants done
here and ignore it.
Which means you'll prolly end up adding your own login mechanism into
SYLOGIN or the user's LOGIN, and preferably with the shared user marked
as CAPTIVE or RESTRICTED or it'll get bypassed. Create your own login.
It's been interesting watching how fast some these cases can get fixed
when management decides, too—more than a few of these cases go from
"impossible" or "never" or "infeasible" or "unaffordable" to "done",
once the issue is re-decided.
But in other cases, management was somewhere between oblivious or
overloaded or otherwise overwhelmed, and some management seemingly
enjoyed keeping IT staff into intractable and untenable situations.
Been there. Not Fun.
--
Pure Personal Opinion | HoffmanLabs LLC
More information about the Info-vax
mailing list