Security - OPSVIEW - SSM Monitor Display (4.11.2) & Parms (0.1)

Idea created by frank.ternest on Jan 29, 2019
    Under review
    Score3
    • guy.vancutsem
    • frank.ternest
    • Hennie_Hermans

    Actually we have the parameter SSMMONDISP (SSM MONITOR DEFAULT DISPLAY MODE) for which the default is E (Edit). Changing the value to B has only consequences for new users. In their ISPF-profile, the standard will be set to Browse. Changes to SSMMONDISP have no impact for existing profiles

    Actually all the users are able to change the settings for ever using option 0.1 (SSM Monitor Display) to V or E.

    Using the panel 4.11.2 they have the same authority, but only for the duration of the session. After leaving the session, the value will be again the value of the ISPF profile.

    Of course, changes of the resources, voluntary or involuntary, can be controlled the security rules (and partially by external security).
    But with the security rule we see again some problems
    1) cause the fact that we can only create one rule for all SQL-related stuff. (I asked earlier to have the same possibility for SQL as we have for the global variables and the CMD), the rule will include a lot of coding.
    2) Attempts to change resources by unauthorized people will be blocked, but this will have a cost for processing.

    Our final goal is to have only the option to make changes in 4.11.2 and that only for authorized people, returning to the value of SSMMONDISP (the value will be BROWSE in our case).
    If possible we liked to exclude the option E (Edit) so that the verification is always on, using the option V.

    We believe that this should be done using a new parameter, so that existing implementations are not harmed, for the way how the values are retrieved (ISPF-profile or SSMMONDISP) and a new external security profile for the possibility to change the authority.