Kendall,
>>>
The stuff to be managed is user related security and password / rights stuff.
<<<
The way _WE_ do that (and that may or may not suit your site) is to have Captive account for our "authorisations service guys"
The run simple DCL scripts that do all kinds of validations (and the kind of logging we like) and if validations are passed, then a dedicated INSTALLed image is run, which checks correct startup, and then LIB$SPAWNS a .COM file (using its exec mode logical name). The .COM file enables SYSPRV, gets all input for AUTHORIZE from the master pid symbols that were set up after validation.
We are (for a long time already) considering Protected Subsystem for this (and various other such) images, but we never yet got to that. Which does not mean it could not be done if security wishes should reach that level.
The whole point is, to have pne image per functionality. (making more is simplicity itself: define the LNM for the command file to be spawned, and that one word is all you change to the source(.
And the (should be very few) cases that do not pass validation but are needed nevertheless, should and are being done by trained system managers.
Works very well for us; your milaage may vary.
hth
Proost.
Have one on me.
jpe
Don't rust yours pelled jacker to fine doll missed aches.
