|
>>Frank Kolmann wrote: >>I dont have a reason as such. One of our programmers >>modified a jobs *LIBL (system portion) with CHGSYSLIBL. >>Could not even do a SYS REQ cancel, or SIGNOFF. >>It is simply something that is very easy to do and >>I suspect will disable the AS400. >>IBM should prevent the backwards compatibility libs >>getting into the SYSLIBL. > >From: "Greg Day" <greg_day@hotmail.com> >Frank, >Your programmer didn't have a reason? That's not very logical. > >Sounds like she/he also has *ALLOBJ authority if she/he has access to the >CHGSYSLIBL command (ships PUBLIC *EXCLUDE). Likewise, to change system value >QSYSLIBL you need special authority not normally recommended for a >programmer. > >Do you know what other damage an *ALLOBJ user can do to your system if they >just try things for no reason. These a few commands that spring to mind (I >won't mention them here in case your programmer is watching :)) - all of >which are just too easy to use. > >I think you are asking too much for IBM to prevent these sorts of programmer >actions. > >Greg. Hi Greg, The backwards compatibility libraries exist for special reasons and I do not think it is asking too much,that one of the special reasons is that they 'are prevented from being added to the LibL'. On our system no one (except QSECOFR) has *ALLOBJ aut. Why this happened is he tried to start QSH after the V4R5 upgrade. For some reason it was not installed properly, but he found that there was a QSH in QSYSV4R4M0, hence the rest. These are the authority settings. Basically QPGMR. Also QPGMR on our machine has access to both CHGSYSLIBL and CHGSYSVAL, I am not aware that we did anything special to enable this. User class . . . . . . . . . . . . . . . . : *PGMR Special authority . . . . . . . . . . . . : *JOBCTL *SAVSYS Group profile . . . . . . . . . . . . . . : QPGMR Owner . . . . . . . . . . . . . . . . . . : *GRPPRF Group authority . . . . . . . . . . . . . : *NONE Group authority type . . . . . . . . . . . : *PRIVATE Supplemental groups . . . . . . . . . . . : *NONE Assistance level . . . . . . . . . . . . . : *SYSVAL Object . . . . . . . : CHGSYSLIBL Owner . . . . . . . : QSYS Library . . . . . : QSYS Primary group . . . : *NONE Object type . . . . : *CMD Object secured by authorization list . . . . . . . . . . . . : *NONE Object User Group Authority *GROUP QPGMR *USE Frank Kolmann
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.