I don't know about the feasibility of the first part of Russ'
paragraph.  But the last sentence is totally unnecessary.

You can force a user into a specific logon groups at time
of user creation, or by altering the user afterward with
the ;HOME parameter of the NEWUSER or ALTUSER command.

Therefore, a log on script is not required.

Groups can be passworded.  The elegant part of an MPE
passworded group is that it does not ask for a group
password if it is a user's home group.

If a person wants to change group or log on to a group
other than their home group.  They must know the group
password.

Maintenance is then minor.  Which user knows which group
passwords then becomes a Management/HR problem, not a
computer problem.

"Dick, what were you doing in Jane's group?  Did she give
you her group password?"  "Uhhh, no."  "How did you find it?
Why didn't you just ask her to RELEASE the files?  You know
company policy on the matter, here's your Pink Slip, HR has
your severance check."

The above is a harsh example, but feasible within the confines
of MPE.

Add MPEX.  The AM of an Account (and SM) will not be asked
for a group password either, if doing a CHGROUP in MPEX.

Tracy Johnson
MSI Schaevitz Sensors

Russ Smith said,

Carl,

Here's a really ugly idea.  Maintenance would be a pain, but how about a
script that checks a file that lists the userid and the groups to which they
have access (or to which they are denied) and sets a variable determining
whether or not the group specified in a CHGROUP command is acceptable.  Set
a UDC to replace CHGROUP and apply the test before allowing the move.  Set
all your groups to ACCESS=(R,L,X,A,S,W=GU,AL).  You will have to add
something to your logon script to force people into specific groups at
logon.  It's not pretty, but it should work.

Hope this gives you some ideas,
Rs~

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *