Re: FW: QUSEC being cleared

On 26-Mar-2014 02:49 -0700, Paul Bailey wrote:

CRPence on 25 March 2014 16:35 wrote:

The lack of capabilities for the methods write, update (ALWUPD),
and delete (ALWDLT) capability does not in any way influence nor
prohibit the clear method.

Is there any way to inhibit the clear method as well? The
QSYSINC/QRPGLESRC file should be unchangeable without proper
authority (i.e. QSECOFR only).

Authority would be the most desirable means to effect preventing the clear. The file should have no more authority for the user [e.g. *PUBLIC] than *USE, and the user accessing the file should not have the special authority *ALLOBJ. Although the origin of the defect might be found either to have incorrectly adopted authority [via a program or a user implementing the action at the server] in the circumstances of the faulty behavior; i.e. would be a security\integrity defect, which should receive high priority for investigation and resolution.

Both the database open exit point and a delete trigger can assist in preventing clear; irrespective of the authority to the source file. For the former, a user exit must be coded; newer support allows limiting the file affected by the exit, to only audited database files. For the latter, just the existence of a *DLT trigger prohibits the clear method; i.e. the program named even could be QCMD, because the program will never get called... and for any actual delete method, the call to that program would fail because zero parameters are required but the database invokes the trigger program with two parms.