Thanks everyone for all of your comments. Let me try to address everything at once so as to avoid mailbox clutter.
@John McKown: Yes, to be able to read is ultimately to be able to steal, but we want to make it harder for the bad guys. The example I use in presentations is the person who has access to the customer list dataset for query purposes. Management would like to know if they were downloading the whole file to their PC every night. Thanks also for the kind words. We'd like to think it's good solution. We are in contact with the OP. I suspect your price is better but our support is probably better. <g> @Walt Farrell, right. Fairly simply, if I can browse a (printable character) file in ISPF, I can cut and paste it into a file. It would be difficult for a many-megabyte file, and it is more likely that someone would use IND$FILE (or another tool such as FTP). @Ed Finnell: I was not aware that some emulators had a built-in FTP capability. Makes sense, though. That would be great: FTP is a lot more powerful and writes GREAT audit records. Some emulators do not have this capability, including, apparently, the emulators in use at several large customers who seem to be interested in this capability. "File transfers from an FTP command in a 3270 session" might also be referring to typing TSO FTP 127.1.2.3 ... on the FTP command line to send a file here, there or anywhere. @Shmuel Metz: True, it won't catch FTP transfers. FTP transfers are well-auditable via SMF 118/119, unlike IND$FILE. This list of things it won't catch is, after all, nearly infinite. Charles ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
