|
Thanks Ed, and everyone else who responded. It looks like the user adopts AMAPICS authority from the initial menu. The AMAPICS profile has *ALLOBJ, *SECADM, *SERVICE among others, and user class QSECOFR. The initial menu involved here is one given to most users but most users do not have command line access. My concern is with programmers calling the menu to gain AMAPICS authority. This situation probably goes back many years and I may be wasting my time on this, but it just seems to easy to gain SECADM authority by virtue of being in a menu. I will turn on *PGMADP on Monday and see what turns up. Bryan Burns Echo, Inc. Lake Zurich, IL Burnsbm@echoincorporated.com -----Original Message----- From: Ed Fishel [SMTP:edfishel@us.ibm.com] Sent: Friday, January 26, 2001 3:10 PM To: MIDRANGE-L@midrange.com Subject: Re: Changing user profiles without *SECADM; adding *SECADM without ev en having *SECADM Bryan, I agree with the other people that responded and said that it sound like the user can do this because they are using adopted authority. The two of the many possible places the adopted authority is coming from are the menu, if it is a TYPE(*PGM) menu, or from the users initial program. One way to determine where the adopted authority is coming from is to turn on *PGMADP auditing and then look at the AP audit record. This audit record will be written to the QAUDJRN each time adopted authority is used. It will include the name and library of the program using the adopted authority. It will also include the name of the owning user profile that the program is adopting. Ed Fishel, edfishel@US.IBM.COM +--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.