× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2001

Re: How do I give authority for *PGMR to look at job log of*SECADM?

  • Subject: Re: How do I give authority for *PGMR to look at job log of*SECADM?
  • From: "John Earl" <johnearl@xxxxxxxxxxxxxxxxxx>
  • Date: Wed, 6 Jun 2001 19:49:47 -0700
  • Organization: The PowerTech Group
 


> The problem with this scenario is NOT the fact that a profile with
*ALLOBJ has created a file, but that the library CRTAUT parameter that
the file was created in has NOT been set appropriately. (Been there -
had that done to me @ 3:04 a.m.)

That depends on your definition of appropriate authority for CRTAUT.
My definition is that a libraries CRTAUT = *EXCLUDE.  Then the process
that actually creates any new file should manage the authority to the
file.  This is because not all objects in a library will or should
have the same *PUBLIC authority requirements.

But then in order for this to work, applicaiton developers would
actually think about security when they design and build their
applicaitons.

John (Sarcasm?  Me??? No way!) Earl


> >>> Buck Calabro <Buck.Calabro@commsoft.net> 06/06/01 04:41PM >>>
> >> I agree that *ALLOBJ for our Job Scheduler user is extreme, but
you
> >> definitely don't get any calls at 3:00 AM for authority problems.
> >>:-)
> >
> >Sure, if folks have *ALLOBJ they never have to call with security
> >problems.  But in this case it is the calls that you don't get that
> >should scare you.
>
> I've been burnt by a *ALLOBJ job creating files during a reorg and
then the
> normal *USER follow-on jobs all die because of lack of authority.
That's
> always good for a 0300 call.


+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.