• Subject: RE: "Lucy, 'splain me!" (Security Question)
  • From: "Kahn, David" <KAHN@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 12 Nov 1997 00:30:31 +0500


This is a security enhancement that came in (I think) with V3R1.
*ALLOBJ, or adopting QSECOFR authority is no longer sufficient to work
with user profiles. You now need explicit *SECADM rights.

Dave Kahn, TCO, Kazakstan

kahn@tengizchevroil.com   (to November 25)
dkahn@cix.compulink.co.uk (from November 26)

>-----Original Message-----
>From:  DAsmussen@aol.com [SMTP:DAsmussen@aol.com]
>Sent:  Monday, November 10, 1997 1:39 PM
>To:    midrange-l@midrange.com
>Subject:       "Lucy, 'splain me!"  (Security Question)
>OK Folks,
>I'm obviously overlooking something here, so perhaps someone out there can
>point me in the right direction.  I have a user profile defined as user class
>*SECOFR, with *ALLOBJ special authority (among others) on a CISC system
>running V3R2 of OS/400.  Suddenly, perhaps after a PTF application, this user
>profile can no longer perform CHGUSRPRF or WRKDIRE -- it gets a "*SECADM
>special authority required" message for both functions.  As far as I can
>tell, both commands are still at the same factory default authority settings
>that they were when this profile _WAS_ able to perform these functions.
>Under the old V2 releases, a profile like this could have changed the QSECOFR
>password.  So what gives?
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to "MIDRANGE-L@midrange.com".
| To unsubscribe from this list send email to MAJORDOMO@midrange.com
|    and specify 'unsubscribe MIDRANGE-L' in the body of your message.
| Questions should be directed to the list owner/operator: david@midrange.com

This thread ...

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].