|
midrange.com
Ed Fishel wrote:
"It should not matter what QCDEXTPT does. Since this program is system
domain and has *EXCLUDE public authority your users are not be able to call
it. (You are running at security level 40 or 50 aren't you?) Also, it is
not the case that your user has "adopted the authority to this program".
Your user has invoked some function in OS/400 that is using the QCDEXTPT
program.
The AP (Adopted Authority) audit record is being written because a program
needs to use adopted authority to access one or more objects that the user
does not have authority to. You will not see AP audit records when someone
with authority uses the same function. Even though a program adopts its
owners authority that extra authority is only used when the job/thread
calling the program does not have authority to the objects used by the
program. The AP audit record indicates that the programs adopted authority
was actually used."
My interpretation of your response is that it's OK to have this particular
AP audit record. True? And, yes, I'm at level 40.
FWIW, I did some more research and found that the AP record was
(apparently) generated by the user selecting an option from a custom menu,
which prompts on a custom command (IE: the underlying command for the menu
option is of the form
("? RUNTHECMD')
Thanks for your response,
Steve
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
