 |
» |
|
|
|
This section explains how to reduce the chance of password exposure by using the Stream Privilege option. Stream Privilege Option Features |  |
This option provides the following features: Allows system processes to stream jobs without passwords. Allows the System Manager, Account Manager, and job owners to stream jobs
without supplying passwords. Provides Stream Privilege Authorization to let users other than System
Managers, Account Managers, and job owners stream jobs without supplying
passwords.
When password verification is waived under this privilege, passwords are
ignored if present. Note that if the Embedded Password Disallowed option is
enabled, the stream attempt fails if an embedded password is present. The Stream Privilege feature is independent of the Cross Streaming
restriction. System Managers, Account Managers and job owners always
have the right to stream jobs within their domain of control, even with the
cross streaming restriction in effect. On the other hand, they do not have
the right to bypass password authentication when the Stream Privilege feature
is not enabled. Stream privilege can be granted at two levels:System Managers, Account Managers, and job owners only, this is the
more restrictive of the two. Additional authorization on protected jobs, this extends the
privilege to other users when streaming protected jobs to which they have
EXECUTE access.
If nested jobs (jobs that are streamed from within another job) are used,
Stream Privilege should be enabled. This lets System Managers, Account
Managers, and job owners stream the nested job without passwords. (Make sure
any passwords are removed, and ensure the outer job has proper capability
to stream the nested job). Similarly, enable the Stream Privilege when running device-direct jobs, such
as those that come directly from tapes. This lets these jobs
run without passwords. When enabled, the Stream Privilege option also applies to system processes.
This is the case because system processes are associated with
MANAGER.SYS and therefore, share the same attributes and capabilities.
|