× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



I voted. Good idea.


--
Jim Oberholtzer
Chief Technical Architect
Agile Technology Architects


------ Original Message ------
From "Rob Berendt" <rob@xxxxxxxxx>
To "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxxxxxxxx>
Date 9/28/2022 7:44:14 AM
Subject RE: Has authority changed on QUSRBRM/QA1AAU with 7.5?

I am hoping that if BRMS changed their model from just using adopted authority to also using the profile swap APIs then accessing the remote data would not have been an issue and I submitted an idea for this at
https://ibm-power-systems.ideas.ibm.com/ideas/IBMI-I-3407

Rob Berendt
-- IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Tuesday, September 27, 2022 2:08 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Has authority changed on QUSRBRM/QA1AAU with 7.5?

*savsys was there and is irrelevant.

Here is the resolution.
1 - The authority on the files in QUSRBRM are *PUBLIC *EXCLUDE and QBRMS *ALL. So instead of the user only having *USE like they had in 7.4 IBM recommended that I give them QBRMS as a group profile so they can do whatever they want with the data.
2 - I also had to run SETUSRBRM USER(DUMMY) USAGE(*ADMIN) on the system trying to restore from the backup on the remote system.

Rob Berendt
-- IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Evan Harris
Sent: Tuesday, September 27, 2022 1:54 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Re: Has authority changed on QUSRBRM/QA1AAU with 7.5?

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.


Maybe *SAVSYS for users who do restores rather than *ALLOBJ.

https://www.ibm.com/docs/en/i/7.5?topic=information-savsys-special-authority


On Wed, Sep 28, 2022 at 5:53 AM Rob Berendt <rob@xxxxxxxxx> wrote:

I have a "best practices" question when it comes to IBM i 7.5 and BRMS. In
the MTU for 7.5 IBM notes that they changed the *PUBLIC authority for the
BRMS files from *USE to *EXCLUDE. This causes an issue when someone without
*ALLOBJ authority tries to restore using RSTLIBBRM as it cannot read the
files. I noticed this on a 'remote' restore RSTLIBBRM FROMSYS(...). So how
do you resolve this?
1: Have someone with *ALLOBJ do your restores?
2: Submit "idea" to change it back?
3: Change *PUBLIC back to *USE and put that in your IPL program to fix it
after each ptf, release upgrade, etc?
4: Change *PUBLIC from *EXCLUDE to *AUTL and put an authorization list on
it?
5: Write wrapper programs to do restores which adopt authority?
6: Give *ALLOBJ to everyone who does restores?
7: Write the password for QSECOFR on your whiteboard?
I could not find an "idea" which requested that they change the authority.
What problem does it cause to have people read these files with only *USE?
Find what tapes hold certain objects and make sure you grab those tapes too
after you maliciously scrambled the objects?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Tuesday, September 27, 2022 11:04 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Has authority changed on QUSRBRM/QA1AAU with 7.5?

My bad:

https://www.ibm.com/docs/en/i/7.5?topic=programs-backup-recovery-media-services-5770-br1
BRMS database
The default for the BRMS shipped database is changing from *PUBLIC *USE
authority to *PUBLIC *EXCLUDE.

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob
Berendt
Sent: Tuesday, September 27, 2022 11:00 AM
To: midrange400 midrange400 midrange400 <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: Has authority changed on QUSRBRM/QA1AAU with 7.5?

I'm trying to determine if the authority changed on QUSRBRM/QA1AAU with
the upgrade to IBM i 7.5 or if we had lowered it on IBM i 7.4.
Basically if you do a RSTLIBBRM from a remote system and you do not have
*ALLOBJ it is starting to fail as the file QUSRBRM/QA1AAU is *PUBLIC
*EXCLUDE. I'm trying to determine if it was that way and we simply changed
the authority back when we upgraded to 7.4 or if this is new at 7.5.
So, on your 7.4 systems if you do a DSPOBJAUT OBJ(QUSRBRM/QA1AAU)
OBJTYPE(*FILE) do you *PUBLIC at *USE or *EXCLUDE?

Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 7310 Innovation Blvd, Suite 104
Ft. Wayne, IN 46818
Ship to: 7310 Innovation Blvd, Dock 9C
Ft. Wayne, IN 46818
http://www.dekko.com

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com



--

Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
-- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com
-- This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related questions.

Help support midrange.com by shopping at amazon.com with our affiliate link: https://amazon.midrange.com

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.