× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2001

RE: Changing user profiles without *SECADM; adding *SECADM without ev en having *SECADM

  • Subject: RE: Changing user profiles without *SECADM; adding *SECADM without ev en having *SECADM
  • From: "Burns, Bryan" <burnsbm@xxxxxxxxxxxxxxxxxxxx>
  • Date: Fri, 26 Jan 2001 16:57:28 -0600
 
Thanks Ed, and everyone else who responded.

It looks like the user adopts AMAPICS authority from the initial menu. The
AMAPICS profile has *ALLOBJ, *SECADM, *SERVICE among others, and user class
QSECOFR.

The initial menu involved here is one given to most users but most users do
not have command line access.  My concern is with programmers calling the
menu to gain AMAPICS authority.

This situation probably goes back many years and I may be wasting my time on
this, but it just seems to easy to gain SECADM authority by virtue of being
in a menu.
    
I will turn on *PGMADP on Monday and see what turns up. 

Bryan Burns
Echo, Inc.
Lake Zurich, IL
Burnsbm@echoincorporated.com   

        -----Original Message-----
        From:   Ed Fishel [SMTP:edfishel@us.ibm.com]
        Sent:   Friday, January 26, 2001 3:10 PM
        To:     MIDRANGE-L@midrange.com
        Subject:        Re: Changing user profiles without *SECADM; adding
*SECADM without ev en having *SECADM


        Bryan,

        I agree with the other people that responded and said that it sound
like
        the user can do this because they are using adopted authority. The
two of
        the many possible places the adopted authority is coming from are
the menu,
        if it is a TYPE(*PGM) menu, or from the users initial program. One
way to
        determine where the adopted authority is coming from is to turn on
*PGMADP
        auditing and then look at the AP audit record. This audit record
will be
        written to the QAUDJRN each time adopted authority is used. It will
include
        the name and library of the program using the adopted authority. It
will
        also include the name of the owning user profile that the program is
        adopting.

        Ed Fishel,
        edfishel@US.IBM.COM


        +---
        
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.