At 07:50 PM 7/9/1998 -0400, you wrote:
>Hi folks;
>I got a question concerning my current programming job.  Here's the
>scenario:  I am assigned a program that requires fixing, and this
>program is maybe 4 CLP's and 5 RPG programs deep into CALL's, therefore
>knowing exactly (dspjob info) the files it is accessing and any
>variables in a program *ENTRY PLIST is very helpful and a valuable time
>saver as well as an error preventer.  Normally what I would do is this:
>a) Have production user sign on to the system.
>b) Identify the name the AS400 has assigned to this users job.
>c) Then I would do the STRSRVJOB command on this job.
>d) Then a STRDBG on the specific program I wanted processing to stop on,
>for my brief (information) collection.
>e) I would then allow the user to progress to the program area I wanted
>to look into.
>e) At program stop time I would view the PARMS in the *ENTRY PLIST of
>the program and the actual files the program was pointed at.
>Well guess what!  Programmers at this company are not AUTHORIZED to do
>this on a production machine, this has me floored!
>I would appreciate any suggestions my fellow-list-people would offer me
>to somehow circumvent this perplexing problem.
>Thanks very much in advance.

It doesn't sound like you're going after production data—although you could
while in a debug session. We have a system in place (similar to what Dean
mentioned) whereby a programmer must call help desk, who log the request
for extra authority. Help desk executes a command called Authorize
Programmer (AUTPGMR). Then the programmer signs on and executes a command
called Log Command (LOGCMD). The programmer ends up at a command line
(QCMD) with full authority until he/she exits from said command line.
Should they not do so, the next morning (IPL in our case—don't ask), that
user is removed from the authorization list for the LOGCMD command.
Security auditing is activated for the user. Of course, someone needs to
LOOK at the security audit journal! :-(

The code is based on an article in NEWS/400. I can get it to you if you
want. Contact me privately, please.

I think you could get the authority you need to do your job, if you can
present a way to create an audit trail of any activities performed under
extraordinary circumstances.

Good luck

Vernon Hamberg
Systems Software Programmer
Old Republic National Title Insurance Company
400 Second Avenue South
Minneapolis, MN  55401-2499
(612) 371-1111 x480

| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].