If your site is licensed to use the Input-Only feature then input-only
   watching/logging can be authorized for specific users by granting them
   the proper rights-ids.

   For being watched by SPY with /INPUT_ONLY the ID is SPY$INPUT_WATCHEE.

   For watching with SPY using /INPUT_ONLY the ID is SPY$INPUT_WATCHER.

   To add these identifiers to the system rights database use the
   AUTHORIZE commands ADD/IDENTIFIER SPY$INPUT_WATCHER, and
   ADD/IDENTIFIER SPY$INPUT_WATCHEE.

   To then grant these identifiers to specific users, use an AUTHORIZE
   command in the form of GRANT /IDENTIFIER PEEK$INPUT_WATCHER J_JONES

   GREAT CARE SHOULD BE USED WHEN GRANTING THESE IDENTIFIERS SINCE THEY
   ALLOW THE WATCHING OF PASSWORDS AND OTHER NON-ECHOED INPUT.